cobaltstrike | a9c180875feacb796498811f59eff1cd8732b6a34400abc815a40c366a3ae69f

Analysis

max time kernel
149s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
29-01-2025 01:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

a9a1334d82e45df30a3010b5f73fd853
SHA1

11618c73eba1c114fda20f4af510bc3fb4656f17
SHA256

a9c180875feacb796498811f59eff1cd8732b6a34400abc815a40c366a3ae69f
SHA512

d2448183421c48bf01730b8da94b5166790923b3a394047e0a80325a4a74a411615fcef5e4614b10c3f1f79941ad806be829447f463dce51b09cacac8c567922
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU5:T+q56utgpPF8u/75

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b000000012282-3.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019266-8.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019284-10.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001928c-26.dat	cobalt_reflective_dll
behavioral1/files/0x0032000000019256-41.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001937b-54.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000193a5-69.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019a62-115.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a431-201.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a429-195.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a427-189.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a31e-185.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a2ed-180.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a09a-175.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a063-170.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a059-165.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f5e-160.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f47-155.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d7b-150.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cad-145.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c74-136.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c76-139.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019aff-125.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c5b-130.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019afd-121.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001963b-98.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000197aa-106.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001963a-90.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019632-80.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019397-66.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001936b-50.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019356-34.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2084-0-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/files/0x000b000000012282-3.dat	xmrig
behavioral1/memory/2084-6-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/files/0x0007000000019266-8.dat	xmrig
behavioral1/memory/2084-12-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/memory/2668-14-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/files/0x0006000000019284-10.dat	xmrig
behavioral1/memory/2736-21-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/memory/2084-18-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/files/0x000700000001928c-26.dat	xmrig
behavioral1/memory/2752-28-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/memory/2652-36-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/files/0x0032000000019256-41.dat	xmrig
behavioral1/memory/2816-42-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/2592-43-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/files/0x000600000001937b-54.dat	xmrig
behavioral1/memory/2736-59-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/memory/1672-60-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/files/0x00070000000193a5-69.dat	xmrig
behavioral1/memory/2420-75-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	xmrig
behavioral1/memory/3008-91-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/memory/1908-108-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/files/0x0005000000019a62-115.dat	xmrig
behavioral1/memory/1204-819-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/memory/1908-974-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/memory/2372-622-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/memory/2404-432-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig
behavioral1/memory/2420-251-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a431-201.dat	xmrig
behavioral1/files/0x000500000001a429-195.dat	xmrig
behavioral1/files/0x000500000001a427-189.dat	xmrig
behavioral1/files/0x000500000001a31e-185.dat	xmrig
behavioral1/files/0x000500000001a2ed-180.dat	xmrig
behavioral1/files/0x000500000001a09a-175.dat	xmrig
behavioral1/files/0x000500000001a063-170.dat	xmrig
behavioral1/files/0x000500000001a059-165.dat	xmrig
behavioral1/files/0x0005000000019f5e-160.dat	xmrig
behavioral1/files/0x0005000000019f47-155.dat	xmrig
behavioral1/files/0x0005000000019d7b-150.dat	xmrig
behavioral1/files/0x0005000000019cad-145.dat	xmrig
behavioral1/files/0x0005000000019c74-136.dat	xmrig
behavioral1/files/0x0005000000019c76-139.dat	xmrig
behavioral1/files/0x0005000000019aff-125.dat	xmrig
behavioral1/files/0x0005000000019c5b-130.dat	xmrig
behavioral1/files/0x0005000000019afd-121.dat	xmrig
behavioral1/memory/1204-100-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/memory/1672-99-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/files/0x000500000001963b-98.dat	xmrig
behavioral1/memory/2796-107-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/files/0x00050000000197aa-106.dat	xmrig
behavioral1/files/0x000500000001963a-90.dat	xmrig
behavioral1/memory/2084-87-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/memory/2404-82-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig
behavioral1/memory/2592-81-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/files/0x0005000000019632-80.dat	xmrig
behavioral1/memory/2796-68-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/memory/2752-67-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/files/0x0007000000019397-66.dat	xmrig
behavioral1/memory/2652-74-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/memory/3008-52-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/memory/2668-51-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/files/0x000600000001936b-50.dat	xmrig
behavioral1/memory/2084-35-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/files/0x0006000000019356-34.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2816	Rdwkhfh.exe
2668	bIhgRZf.exe
2736	iEMLOZI.exe
2752	bASIWcx.exe
2652	rvKAVWx.exe
2592	PKASXWl.exe
3008	iSEkqJO.exe
1672	sNlpymT.exe
2796	rSjpItX.exe
2420	APpQztx.exe
2404	YbSsmXp.exe
2372	oZndVWp.exe
1204	WlwrMIm.exe
1908	SsRwVwh.exe
1860	OmpRrjl.exe
2820	Vobzzyj.exe
2860	WDhtalI.exe
1624	HKZSjOq.exe
580	OVIgfQg.exe
696	sasNeaD.exe
2892	CbTxLQr.exe
2516	TTLVTio.exe
2088	hebGaVR.exe
2316	mqSUaeW.exe
3036	qbvMcQW.exe
3000	TfWfDPR.exe
996	ALgBRMZ.exe
2188	yyNpdvV.exe
2124	FDMCkOJ.exe
1596	hIiLSWj.exe
1300	bHqUgbH.exe
1668	vtmyNTa.exe
932	orqrdAv.exe
1060	tmKYzmB.exe
1364	wacZqmv.exe
1648	xyrODgJ.exe
2200	POjSJuY.exe
1724	gBRcAbS.exe
1720	AlgLFUi.exe
1848	UlhEOVT.exe
320	kJFwCrC.exe
2172	IawuxCy.exe
2508	hAOvTuN.exe
2432	iAYyRkd.exe
1816	kUTrbXt.exe
1636	RdemxAC.exe
1448	oTLaXlA.exe
892	dgocpwB.exe
1032	DJuIeEe.exe
2784	xhPuqid.exe
1548	eumPJKA.exe
1688	VEeYwDA.exe
2764	apEhjFW.exe
2204	ONPiaQx.exe
2640	mjKYrMV.exe
2708	LEyfnJz.exe
2964	LRSiNVn.exe
1264	vjLYYoy.exe
2168	NPGQNrl.exe
1056	QhLfUnX.exe
2348	gvWmTcl.exe
1620	zDHDPyQ.exe
2340	zGPVtCF.exe
668	XkbgGzu.exe

Loads dropped DLL 64 IoCs

pid	Process
2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2084-0-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/files/0x000b000000012282-3.dat	upx
behavioral1/memory/2084-6-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/files/0x0007000000019266-8.dat	upx
behavioral1/memory/2668-14-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/files/0x0006000000019284-10.dat	upx
behavioral1/memory/2736-21-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx
behavioral1/files/0x000700000001928c-26.dat	upx
behavioral1/memory/2752-28-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/memory/2652-36-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/files/0x0032000000019256-41.dat	upx
behavioral1/memory/2816-42-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/2592-43-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/files/0x000600000001937b-54.dat	upx
behavioral1/memory/2736-59-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx
behavioral1/memory/1672-60-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/files/0x00070000000193a5-69.dat	upx
behavioral1/memory/2420-75-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	upx
behavioral1/memory/3008-91-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/memory/1908-108-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/files/0x0005000000019a62-115.dat	upx
behavioral1/memory/1204-819-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/memory/1908-974-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/memory/2372-622-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/memory/2404-432-0x000000013F110000-0x000000013F464000-memory.dmp	upx
behavioral1/memory/2420-251-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	upx
behavioral1/files/0x000500000001a431-201.dat	upx
behavioral1/files/0x000500000001a429-195.dat	upx
behavioral1/files/0x000500000001a427-189.dat	upx
behavioral1/files/0x000500000001a31e-185.dat	upx
behavioral1/files/0x000500000001a2ed-180.dat	upx
behavioral1/files/0x000500000001a09a-175.dat	upx
behavioral1/files/0x000500000001a063-170.dat	upx
behavioral1/files/0x000500000001a059-165.dat	upx
behavioral1/files/0x0005000000019f5e-160.dat	upx
behavioral1/files/0x0005000000019f47-155.dat	upx
behavioral1/files/0x0005000000019d7b-150.dat	upx
behavioral1/files/0x0005000000019cad-145.dat	upx
behavioral1/files/0x0005000000019c74-136.dat	upx
behavioral1/files/0x0005000000019c76-139.dat	upx
behavioral1/files/0x0005000000019aff-125.dat	upx
behavioral1/files/0x0005000000019c5b-130.dat	upx
behavioral1/files/0x0005000000019afd-121.dat	upx
behavioral1/memory/1204-100-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/memory/1672-99-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/files/0x000500000001963b-98.dat	upx
behavioral1/memory/2796-107-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/files/0x00050000000197aa-106.dat	upx
behavioral1/files/0x000500000001963a-90.dat	upx
behavioral1/memory/2084-87-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/memory/2404-82-0x000000013F110000-0x000000013F464000-memory.dmp	upx
behavioral1/memory/2592-81-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/files/0x0005000000019632-80.dat	upx
behavioral1/memory/2796-68-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/memory/2752-67-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/files/0x0007000000019397-66.dat	upx
behavioral1/memory/2652-74-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/memory/3008-52-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/memory/2668-51-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/files/0x000600000001936b-50.dat	upx
behavioral1/memory/2084-35-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/files/0x0006000000019356-34.dat	upx
behavioral1/memory/2816-3507-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/2668-3490-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\lFgbHGS.exe	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qbgxPlg.exe	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QlxHcpb.exe	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IhJxywd.exe	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WtDtyYe.exe	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wUYlDzf.exe	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IATxDSa.exe	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YbGVwvA.exe	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dlzVLXL.exe	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FNJkEPt.exe	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Sdywpjm.exe	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iMwFjnA.exe	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rLbPlmM.exe	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wDpijZd.exe	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SCbRxQK.exe	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TlWjiij.exe	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fIVoxmI.exe	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WWqQOPw.exe	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sKGPbvh.exe	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sjHzmhz.exe	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mRLZkmg.exe	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YhMBrhn.exe	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ShLZdvC.exe	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PMxbFMO.exe	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mnnQAkd.exe	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ecVCXLd.exe	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ieGfyTZ.exe	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OEQOUmf.exe	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wmuloSO.exe	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LCqMdez.exe	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xhatuZf.exe	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wdWUOdC.exe	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wWmLlwL.exe	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dLtQqLS.exe	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TxrnpPd.exe	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WBdNJth.exe	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aAbcOWa.exe	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IVdEMCf.exe	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ovNpsux.exe	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tmmhqPw.exe	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FVHQKxG.exe	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bDVatqh.exe	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LlWvdxf.exe	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TTiUXle.exe	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yzagGZt.exe	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YRpOKfC.exe	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rZrKKDg.exe	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fTXsWqX.exe	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wnDSYrT.exe	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PVxeZKd.exe	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\COzlDvX.exe	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XhXcTin.exe	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GkwcFjT.exe	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WqrmCSD.exe	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UCxYoUJ.exe	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ipVZMIB.exe	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GmNemdY.exe	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mNdcHCn.exe	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KMCZnTk.exe	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tEWzpNP.exe	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WxWeHYK.exe	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fpWYrGx.exe	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JtkVWJk.exe	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XbYxdRK.exe	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2084 wrote to memory of 2816	2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2084 wrote to memory of 2816	2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2084 wrote to memory of 2816	2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2084 wrote to memory of 2668	2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2084 wrote to memory of 2668	2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2084 wrote to memory of 2668	2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2084 wrote to memory of 2736	2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2084 wrote to memory of 2736	2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2084 wrote to memory of 2736	2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2084 wrote to memory of 2752	2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2084 wrote to memory of 2752	2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2084 wrote to memory of 2752	2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2084 wrote to memory of 2652	2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2084 wrote to memory of 2652	2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2084 wrote to memory of 2652	2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2084 wrote to memory of 2592	2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2084 wrote to memory of 2592	2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2084 wrote to memory of 2592	2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2084 wrote to memory of 3008	2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2084 wrote to memory of 3008	2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2084 wrote to memory of 3008	2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2084 wrote to memory of 1672	2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2084 wrote to memory of 1672	2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2084 wrote to memory of 1672	2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2084 wrote to memory of 2796	2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2084 wrote to memory of 2796	2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2084 wrote to memory of 2796	2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2084 wrote to memory of 2420	2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2084 wrote to memory of 2420	2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2084 wrote to memory of 2420	2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2084 wrote to memory of 2404	2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2084 wrote to memory of 2404	2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2084 wrote to memory of 2404	2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2084 wrote to memory of 2372	2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2084 wrote to memory of 2372	2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2084 wrote to memory of 2372	2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2084 wrote to memory of 1204	2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2084 wrote to memory of 1204	2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2084 wrote to memory of 1204	2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2084 wrote to memory of 1908	2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2084 wrote to memory of 1908	2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2084 wrote to memory of 1908	2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2084 wrote to memory of 1860	2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2084 wrote to memory of 1860	2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2084 wrote to memory of 1860	2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2084 wrote to memory of 2820	2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2084 wrote to memory of 2820	2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2084 wrote to memory of 2820	2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2084 wrote to memory of 2860	2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2084 wrote to memory of 2860	2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2084 wrote to memory of 2860	2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2084 wrote to memory of 1624	2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2084 wrote to memory of 1624	2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2084 wrote to memory of 1624	2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2084 wrote to memory of 580	2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2084 wrote to memory of 580	2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2084 wrote to memory of 580	2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2084 wrote to memory of 696	2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2084 wrote to memory of 696	2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2084 wrote to memory of 696	2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2084 wrote to memory of 2892	2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2084 wrote to memory of 2892	2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2084 wrote to memory of 2892	2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2084 wrote to memory of 2516	2084	2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-29_a9a1334d82e45df30a3010b5f73fd853_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2084
- C:\Windows\System\Rdwkhfh.exe
  C:\Windows\System\Rdwkhfh.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\bIhgRZf.exe
  C:\Windows\System\bIhgRZf.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\iEMLOZI.exe
  C:\Windows\System\iEMLOZI.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\bASIWcx.exe
  C:\Windows\System\bASIWcx.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\rvKAVWx.exe
  C:\Windows\System\rvKAVWx.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\PKASXWl.exe
  C:\Windows\System\PKASXWl.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\iSEkqJO.exe
  C:\Windows\System\iSEkqJO.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\sNlpymT.exe
  C:\Windows\System\sNlpymT.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\rSjpItX.exe
  C:\Windows\System\rSjpItX.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\APpQztx.exe
  C:\Windows\System\APpQztx.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\YbSsmXp.exe
  C:\Windows\System\YbSsmXp.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\oZndVWp.exe
  C:\Windows\System\oZndVWp.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\WlwrMIm.exe
  C:\Windows\System\WlwrMIm.exe
  2⤵
  - Executes dropped EXE
  PID:1204
- C:\Windows\System\SsRwVwh.exe
  C:\Windows\System\SsRwVwh.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\OmpRrjl.exe
  C:\Windows\System\OmpRrjl.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\Vobzzyj.exe
  C:\Windows\System\Vobzzyj.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\WDhtalI.exe
  C:\Windows\System\WDhtalI.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\HKZSjOq.exe
  C:\Windows\System\HKZSjOq.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\OVIgfQg.exe
  C:\Windows\System\OVIgfQg.exe
  2⤵
  - Executes dropped EXE
  PID:580
- C:\Windows\System\sasNeaD.exe
  C:\Windows\System\sasNeaD.exe
  2⤵
  - Executes dropped EXE
  PID:696
- C:\Windows\System\CbTxLQr.exe
  C:\Windows\System\CbTxLQr.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\TTLVTio.exe
  C:\Windows\System\TTLVTio.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\hebGaVR.exe
  C:\Windows\System\hebGaVR.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\mqSUaeW.exe
  C:\Windows\System\mqSUaeW.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\qbvMcQW.exe
  C:\Windows\System\qbvMcQW.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\TfWfDPR.exe
  C:\Windows\System\TfWfDPR.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\ALgBRMZ.exe
  C:\Windows\System\ALgBRMZ.exe
  2⤵
  - Executes dropped EXE
  PID:996
- C:\Windows\System\yyNpdvV.exe
  C:\Windows\System\yyNpdvV.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\FDMCkOJ.exe
  C:\Windows\System\FDMCkOJ.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\hIiLSWj.exe
  C:\Windows\System\hIiLSWj.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\bHqUgbH.exe
  C:\Windows\System\bHqUgbH.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\vtmyNTa.exe
  C:\Windows\System\vtmyNTa.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\orqrdAv.exe
  C:\Windows\System\orqrdAv.exe
  2⤵
  - Executes dropped EXE
  PID:932
- C:\Windows\System\tmKYzmB.exe
  C:\Windows\System\tmKYzmB.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\wacZqmv.exe
  C:\Windows\System\wacZqmv.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\xyrODgJ.exe
  C:\Windows\System\xyrODgJ.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\POjSJuY.exe
  C:\Windows\System\POjSJuY.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\gBRcAbS.exe
  C:\Windows\System\gBRcAbS.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\AlgLFUi.exe
  C:\Windows\System\AlgLFUi.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\UlhEOVT.exe
  C:\Windows\System\UlhEOVT.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\kJFwCrC.exe
  C:\Windows\System\kJFwCrC.exe
  2⤵
  - Executes dropped EXE
  PID:320
- C:\Windows\System\IawuxCy.exe
  C:\Windows\System\IawuxCy.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\hAOvTuN.exe
  C:\Windows\System\hAOvTuN.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\iAYyRkd.exe
  C:\Windows\System\iAYyRkd.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\kUTrbXt.exe
  C:\Windows\System\kUTrbXt.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\RdemxAC.exe
  C:\Windows\System\RdemxAC.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\oTLaXlA.exe
  C:\Windows\System\oTLaXlA.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\dgocpwB.exe
  C:\Windows\System\dgocpwB.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\DJuIeEe.exe
  C:\Windows\System\DJuIeEe.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\xhPuqid.exe
  C:\Windows\System\xhPuqid.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\eumPJKA.exe
  C:\Windows\System\eumPJKA.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\VEeYwDA.exe
  C:\Windows\System\VEeYwDA.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\apEhjFW.exe
  C:\Windows\System\apEhjFW.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\ONPiaQx.exe
  C:\Windows\System\ONPiaQx.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\mjKYrMV.exe
  C:\Windows\System\mjKYrMV.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\LEyfnJz.exe
  C:\Windows\System\LEyfnJz.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\LRSiNVn.exe
  C:\Windows\System\LRSiNVn.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\vjLYYoy.exe
  C:\Windows\System\vjLYYoy.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System\NPGQNrl.exe
  C:\Windows\System\NPGQNrl.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\QhLfUnX.exe
  C:\Windows\System\QhLfUnX.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\gvWmTcl.exe
  C:\Windows\System\gvWmTcl.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\zDHDPyQ.exe
  C:\Windows\System\zDHDPyQ.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\zGPVtCF.exe
  C:\Windows\System\zGPVtCF.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\XkbgGzu.exe
  C:\Windows\System\XkbgGzu.exe
  2⤵
  - Executes dropped EXE
  PID:668
- C:\Windows\System\zpzCHxa.exe
  C:\Windows\System\zpzCHxa.exe
  2⤵
  PID:356
- C:\Windows\System\prpNfXL.exe
  C:\Windows\System\prpNfXL.exe
  2⤵
  PID:1748
- C:\Windows\System\tBmMfqs.exe
  C:\Windows\System\tBmMfqs.exe
  2⤵
  PID:2232
- C:\Windows\System\IaPxafC.exe
  C:\Windows\System\IaPxafC.exe
  2⤵
  PID:3044
- C:\Windows\System\hQwhVhp.exe
  C:\Windows\System\hQwhVhp.exe
  2⤵
  PID:2464
- C:\Windows\System\dchhFno.exe
  C:\Windows\System\dchhFno.exe
  2⤵
  PID:1736
- C:\Windows\System\KCmyyKl.exe
  C:\Windows\System\KCmyyKl.exe
  2⤵
  PID:952
- C:\Windows\System\JDsBGPI.exe
  C:\Windows\System\JDsBGPI.exe
  2⤵
  PID:1344
- C:\Windows\System\TYznbOr.exe
  C:\Windows\System\TYznbOr.exe
  2⤵
  PID:1632
- C:\Windows\System\IGVNtYt.exe
  C:\Windows\System\IGVNtYt.exe
  2⤵
  PID:2992
- C:\Windows\System\IciOEMc.exe
  C:\Windows\System\IciOEMc.exe
  2⤵
  PID:1560
- C:\Windows\System\TlqHiVF.exe
  C:\Windows\System\TlqHiVF.exe
  2⤵
  PID:2268
- C:\Windows\System\ASPkjlc.exe
  C:\Windows\System\ASPkjlc.exe
  2⤵
  PID:1044
- C:\Windows\System\xiieUAh.exe
  C:\Windows\System\xiieUAh.exe
  2⤵
  PID:2480
- C:\Windows\System\JdSxLZp.exe
  C:\Windows\System\JdSxLZp.exe
  2⤵
  PID:1708
- C:\Windows\System\JljKyLh.exe
  C:\Windows\System\JljKyLh.exe
  2⤵
  PID:2856
- C:\Windows\System\uUHJLMn.exe
  C:\Windows\System\uUHJLMn.exe
  2⤵
  PID:2392
- C:\Windows\System\BqgAzpG.exe
  C:\Windows\System\BqgAzpG.exe
  2⤵
  PID:2300
- C:\Windows\System\jYWdNBW.exe
  C:\Windows\System\jYWdNBW.exe
  2⤵
  PID:2768
- C:\Windows\System\RmfCDXM.exe
  C:\Windows\System\RmfCDXM.exe
  2⤵
  PID:2160
- C:\Windows\System\eEuXpLy.exe
  C:\Windows\System\eEuXpLy.exe
  2⤵
  PID:2800
- C:\Windows\System\rBzqJUB.exe
  C:\Windows\System\rBzqJUB.exe
  2⤵
  PID:2692
- C:\Windows\System\bHBzQgj.exe
  C:\Windows\System\bHBzQgj.exe
  2⤵
  PID:2564
- C:\Windows\System\byTmJEX.exe
  C:\Windows\System\byTmJEX.exe
  2⤵
  PID:1880
- C:\Windows\System\QyzAQTV.exe
  C:\Windows\System\QyzAQTV.exe
  2⤵
  PID:2132
- C:\Windows\System\EXAuJoz.exe
  C:\Windows\System\EXAuJoz.exe
  2⤵
  PID:2096
- C:\Windows\System\RPbimTK.exe
  C:\Windows\System\RPbimTK.exe
  2⤵
  PID:2264
- C:\Windows\System\LzAOfEY.exe
  C:\Windows\System\LzAOfEY.exe
  2⤵
  PID:2832
- C:\Windows\System\nUoaGQQ.exe
  C:\Windows\System\nUoaGQQ.exe
  2⤵
  PID:380
- C:\Windows\System\HnEXyUG.exe
  C:\Windows\System\HnEXyUG.exe
  2⤵
  PID:604
- C:\Windows\System\sFOCMxV.exe
  C:\Windows\System\sFOCMxV.exe
  2⤵
  PID:3060
- C:\Windows\System\SOnOMlw.exe
  C:\Windows\System\SOnOMlw.exe
  2⤵
  PID:2112
- C:\Windows\System\bSaOUyi.exe
  C:\Windows\System\bSaOUyi.exe
  2⤵
  PID:2492
- C:\Windows\System\IxEbnXY.exe
  C:\Windows\System\IxEbnXY.exe
  2⤵
  PID:780
- C:\Windows\System\VPwAWjO.exe
  C:\Windows\System\VPwAWjO.exe
  2⤵
  PID:1728
- C:\Windows\System\XeCMABE.exe
  C:\Windows\System\XeCMABE.exe
  2⤵
  PID:1752
- C:\Windows\System\NJJwNvU.exe
  C:\Windows\System\NJJwNvU.exe
  2⤵
  PID:1916
- C:\Windows\System\fWvQJgn.exe
  C:\Windows\System\fWvQJgn.exe
  2⤵
  PID:2288
- C:\Windows\System\fRZZpiN.exe
  C:\Windows\System\fRZZpiN.exe
  2⤵
  PID:1784
- C:\Windows\System\eviRlym.exe
  C:\Windows\System\eviRlym.exe
  2⤵
  PID:1876
- C:\Windows\System\TmEINCa.exe
  C:\Windows\System\TmEINCa.exe
  2⤵
  PID:2672
- C:\Windows\System\nenCgnY.exe
  C:\Windows\System\nenCgnY.exe
  2⤵
  PID:2556
- C:\Windows\System\lXKhGtd.exe
  C:\Windows\System\lXKhGtd.exe
  2⤵
  PID:656
- C:\Windows\System\jNNTFos.exe
  C:\Windows\System\jNNTFos.exe
  2⤵
  PID:2424
- C:\Windows\System\XfIfxwX.exe
  C:\Windows\System\XfIfxwX.exe
  2⤵
  PID:2216
- C:\Windows\System\vPmivti.exe
  C:\Windows\System\vPmivti.exe
  2⤵
  PID:3020
- C:\Windows\System\hkVaRql.exe
  C:\Windows\System\hkVaRql.exe
  2⤵
  PID:2028
- C:\Windows\System\AHUzkkU.exe
  C:\Windows\System\AHUzkkU.exe
  2⤵
  PID:3088
- C:\Windows\System\nMZgpiL.exe
  C:\Windows\System\nMZgpiL.exe
  2⤵
  PID:3108
- C:\Windows\System\NNruIFF.exe
  C:\Windows\System\NNruIFF.exe
  2⤵
  PID:3128
- C:\Windows\System\xBKKtHy.exe
  C:\Windows\System\xBKKtHy.exe
  2⤵
  PID:3148
- C:\Windows\System\GCWOboX.exe
  C:\Windows\System\GCWOboX.exe
  2⤵
  PID:3168
- C:\Windows\System\afznBim.exe
  C:\Windows\System\afznBim.exe
  2⤵
  PID:3188
- C:\Windows\System\iqUDOOg.exe
  C:\Windows\System\iqUDOOg.exe
  2⤵
  PID:3208
- C:\Windows\System\Kgvfogr.exe
  C:\Windows\System\Kgvfogr.exe
  2⤵
  PID:3228
- C:\Windows\System\JbCKMcf.exe
  C:\Windows\System\JbCKMcf.exe
  2⤵
  PID:3248
- C:\Windows\System\UwOCZtS.exe
  C:\Windows\System\UwOCZtS.exe
  2⤵
  PID:3268
- C:\Windows\System\idlzKft.exe
  C:\Windows\System\idlzKft.exe
  2⤵
  PID:3288
- C:\Windows\System\uTWJOUP.exe
  C:\Windows\System\uTWJOUP.exe
  2⤵
  PID:3308
- C:\Windows\System\ImNyVdm.exe
  C:\Windows\System\ImNyVdm.exe
  2⤵
  PID:3328
- C:\Windows\System\PbFELyH.exe
  C:\Windows\System\PbFELyH.exe
  2⤵
  PID:3348
- C:\Windows\System\rynafsk.exe
  C:\Windows\System\rynafsk.exe
  2⤵
  PID:3368
- C:\Windows\System\JrwjaYV.exe
  C:\Windows\System\JrwjaYV.exe
  2⤵
  PID:3388
- C:\Windows\System\CzPQjPE.exe
  C:\Windows\System\CzPQjPE.exe
  2⤵
  PID:3408
- C:\Windows\System\qesCjeX.exe
  C:\Windows\System\qesCjeX.exe
  2⤵
  PID:3428
- C:\Windows\System\aStdJcl.exe
  C:\Windows\System\aStdJcl.exe
  2⤵
  PID:3448
- C:\Windows\System\zIrUKJK.exe
  C:\Windows\System\zIrUKJK.exe
  2⤵
  PID:3468
- C:\Windows\System\CpPsVDn.exe
  C:\Windows\System\CpPsVDn.exe
  2⤵
  PID:3488
- C:\Windows\System\qkmuyUf.exe
  C:\Windows\System\qkmuyUf.exe
  2⤵
  PID:3508
- C:\Windows\System\xPMCjUO.exe
  C:\Windows\System\xPMCjUO.exe
  2⤵
  PID:3528
- C:\Windows\System\PqNOGtA.exe
  C:\Windows\System\PqNOGtA.exe
  2⤵
  PID:3548
- C:\Windows\System\RtrETAW.exe
  C:\Windows\System\RtrETAW.exe
  2⤵
  PID:3568
- C:\Windows\System\NqNPdHL.exe
  C:\Windows\System\NqNPdHL.exe
  2⤵
  PID:3588
- C:\Windows\System\erQVVXT.exe
  C:\Windows\System\erQVVXT.exe
  2⤵
  PID:3608
- C:\Windows\System\fMOwkZa.exe
  C:\Windows\System\fMOwkZa.exe
  2⤵
  PID:3628
- C:\Windows\System\XeGzyOQ.exe
  C:\Windows\System\XeGzyOQ.exe
  2⤵
  PID:3648
- C:\Windows\System\ZhymAKs.exe
  C:\Windows\System\ZhymAKs.exe
  2⤵
  PID:3668
- C:\Windows\System\qJyVPqF.exe
  C:\Windows\System\qJyVPqF.exe
  2⤵
  PID:3684
- C:\Windows\System\bMFCzJV.exe
  C:\Windows\System\bMFCzJV.exe
  2⤵
  PID:3708
- C:\Windows\System\gRvxJiZ.exe
  C:\Windows\System\gRvxJiZ.exe
  2⤵
  PID:3728
- C:\Windows\System\SVHCTSr.exe
  C:\Windows\System\SVHCTSr.exe
  2⤵
  PID:3748
- C:\Windows\System\dJGnozl.exe
  C:\Windows\System\dJGnozl.exe
  2⤵
  PID:3768
- C:\Windows\System\fngxcmT.exe
  C:\Windows\System\fngxcmT.exe
  2⤵
  PID:3788
- C:\Windows\System\eboEIiF.exe
  C:\Windows\System\eboEIiF.exe
  2⤵
  PID:3808
- C:\Windows\System\aHlVPeH.exe
  C:\Windows\System\aHlVPeH.exe
  2⤵
  PID:3828
- C:\Windows\System\EAqEPBp.exe
  C:\Windows\System\EAqEPBp.exe
  2⤵
  PID:3848
- C:\Windows\System\ihZpEkl.exe
  C:\Windows\System\ihZpEkl.exe
  2⤵
  PID:3868
- C:\Windows\System\DQdnYXu.exe
  C:\Windows\System\DQdnYXu.exe
  2⤵
  PID:3888
- C:\Windows\System\MJSGTFo.exe
  C:\Windows\System\MJSGTFo.exe
  2⤵
  PID:3908
- C:\Windows\System\DeXRIRC.exe
  C:\Windows\System\DeXRIRC.exe
  2⤵
  PID:3928
- C:\Windows\System\eYOqxSV.exe
  C:\Windows\System\eYOqxSV.exe
  2⤵
  PID:3948
- C:\Windows\System\lGFEgri.exe
  C:\Windows\System\lGFEgri.exe
  2⤵
  PID:3968
- C:\Windows\System\AcWBYCZ.exe
  C:\Windows\System\AcWBYCZ.exe
  2⤵
  PID:3988
- C:\Windows\System\bvEodUF.exe
  C:\Windows\System\bvEodUF.exe
  2⤵
  PID:4008
- C:\Windows\System\nBdBXKW.exe
  C:\Windows\System\nBdBXKW.exe
  2⤵
  PID:4028
- C:\Windows\System\UmQitAj.exe
  C:\Windows\System\UmQitAj.exe
  2⤵
  PID:4048
- C:\Windows\System\GeEDGLm.exe
  C:\Windows\System\GeEDGLm.exe
  2⤵
  PID:4068
- C:\Windows\System\binZlRu.exe
  C:\Windows\System\binZlRu.exe
  2⤵
  PID:4088
- C:\Windows\System\RxweHWn.exe
  C:\Windows\System\RxweHWn.exe
  2⤵
  PID:2608
- C:\Windows\System\KHqEZBj.exe
  C:\Windows\System\KHqEZBj.exe
  2⤵
  PID:1328
- C:\Windows\System\NuXdrBn.exe
  C:\Windows\System\NuXdrBn.exe
  2⤵
  PID:1704
- C:\Windows\System\PPHRkLb.exe
  C:\Windows\System\PPHRkLb.exe
  2⤵
  PID:1788
- C:\Windows\System\WKDshik.exe
  C:\Windows\System\WKDshik.exe
  2⤵
  PID:2812
- C:\Windows\System\YYPDhgY.exe
  C:\Windows\System\YYPDhgY.exe
  2⤵
  PID:2580
- C:\Windows\System\HBCqawu.exe
  C:\Windows\System\HBCqawu.exe
  2⤵
  PID:2572
- C:\Windows\System\BRGqkon.exe
  C:\Windows\System\BRGqkon.exe
  2⤵
  PID:2748
- C:\Windows\System\EkSWqsk.exe
  C:\Windows\System\EkSWqsk.exe
  2⤵
  PID:3076
- C:\Windows\System\metGRbM.exe
  C:\Windows\System\metGRbM.exe
  2⤵
  PID:3116
- C:\Windows\System\qyVikJC.exe
  C:\Windows\System\qyVikJC.exe
  2⤵
  PID:3120
- C:\Windows\System\HixQxpK.exe
  C:\Windows\System\HixQxpK.exe
  2⤵
  PID:3184
- C:\Windows\System\TpRdmer.exe
  C:\Windows\System\TpRdmer.exe
  2⤵
  PID:3216
- C:\Windows\System\jwnlRhV.exe
  C:\Windows\System\jwnlRhV.exe
  2⤵
  PID:3260
- C:\Windows\System\wrOrbbx.exe
  C:\Windows\System\wrOrbbx.exe
  2⤵
  PID:3296
- C:\Windows\System\PPEmPsj.exe
  C:\Windows\System\PPEmPsj.exe
  2⤵
  PID:3316
- C:\Windows\System\vquwPMh.exe
  C:\Windows\System\vquwPMh.exe
  2⤵
  PID:3324
- C:\Windows\System\MNURiqn.exe
  C:\Windows\System\MNURiqn.exe
  2⤵
  PID:3364
- C:\Windows\System\mYxtfwx.exe
  C:\Windows\System\mYxtfwx.exe
  2⤵
  PID:3400
- C:\Windows\System\wrsaxSu.exe
  C:\Windows\System\wrsaxSu.exe
  2⤵
  PID:3460
- C:\Windows\System\sCWxwyi.exe
  C:\Windows\System\sCWxwyi.exe
  2⤵
  PID:3504
- C:\Windows\System\rMBtWnx.exe
  C:\Windows\System\rMBtWnx.exe
  2⤵
  PID:3536
- C:\Windows\System\Xgkejgd.exe
  C:\Windows\System\Xgkejgd.exe
  2⤵
  PID:3516
- C:\Windows\System\FacKGiS.exe
  C:\Windows\System\FacKGiS.exe
  2⤵
  PID:3564
- C:\Windows\System\pmldhdn.exe
  C:\Windows\System\pmldhdn.exe
  2⤵
  PID:3620
- C:\Windows\System\JxNvyFg.exe
  C:\Windows\System\JxNvyFg.exe
  2⤵
  PID:3664
- C:\Windows\System\SjtlABv.exe
  C:\Windows\System\SjtlABv.exe
  2⤵
  PID:3692
- C:\Windows\System\hOTueOn.exe
  C:\Windows\System\hOTueOn.exe
  2⤵
  PID:3716
- C:\Windows\System\shAzvox.exe
  C:\Windows\System\shAzvox.exe
  2⤵
  PID:3740
- C:\Windows\System\Doovwwx.exe
  C:\Windows\System\Doovwwx.exe
  2⤵
  PID:3764
- C:\Windows\System\HQXMPOp.exe
  C:\Windows\System\HQXMPOp.exe
  2⤵
  PID:3820
- C:\Windows\System\mjKBBzW.exe
  C:\Windows\System\mjKBBzW.exe
  2⤵
  PID:3864
- C:\Windows\System\VKSteDO.exe
  C:\Windows\System\VKSteDO.exe
  2⤵
  PID:3876
- C:\Windows\System\OkAgjnU.exe
  C:\Windows\System\OkAgjnU.exe
  2⤵
  PID:3916
- C:\Windows\System\eiUTQMv.exe
  C:\Windows\System\eiUTQMv.exe
  2⤵
  PID:3940
- C:\Windows\System\tKtYkLR.exe
  C:\Windows\System\tKtYkLR.exe
  2⤵
  PID:3980
- C:\Windows\System\wfnwVLE.exe
  C:\Windows\System\wfnwVLE.exe
  2⤵
  PID:4004
- C:\Windows\System\QpTkKaX.exe
  C:\Windows\System\QpTkKaX.exe
  2⤵
  PID:4060
- C:\Windows\System\XoaQvJH.exe
  C:\Windows\System\XoaQvJH.exe
  2⤵
  PID:948
- C:\Windows\System\UfnZpXs.exe
  C:\Windows\System\UfnZpXs.exe
  2⤵
  PID:2100
- C:\Windows\System\efaJsyN.exe
  C:\Windows\System\efaJsyN.exe
  2⤵
  PID:1944
- C:\Windows\System\gklsBGT.exe
  C:\Windows\System\gklsBGT.exe
  2⤵
  PID:2880
- C:\Windows\System\ibafdYD.exe
  C:\Windows\System\ibafdYD.exe
  2⤵
  PID:1104
- C:\Windows\System\cQktonS.exe
  C:\Windows\System\cQktonS.exe
  2⤵
  PID:916
- C:\Windows\System\RYKWxAF.exe
  C:\Windows\System\RYKWxAF.exe
  2⤵
  PID:3140
- C:\Windows\System\WkWLmpv.exe
  C:\Windows\System\WkWLmpv.exe
  2⤵
  PID:3200
- C:\Windows\System\frWNbaK.exe
  C:\Windows\System\frWNbaK.exe
  2⤵
  PID:3244
- C:\Windows\System\dLtQqLS.exe
  C:\Windows\System\dLtQqLS.exe
  2⤵
  PID:3256
- C:\Windows\System\HTDxEkl.exe
  C:\Windows\System\HTDxEkl.exe
  2⤵
  PID:3340
- C:\Windows\System\tlgIoAv.exe
  C:\Windows\System\tlgIoAv.exe
  2⤵
  PID:3376
- C:\Windows\System\NhcrCrD.exe
  C:\Windows\System\NhcrCrD.exe
  2⤵
  PID:3444
- C:\Windows\System\yQuvndC.exe
  C:\Windows\System\yQuvndC.exe
  2⤵
  PID:3524
- C:\Windows\System\ubDOUYs.exe
  C:\Windows\System\ubDOUYs.exe
  2⤵
  PID:3596
- C:\Windows\System\FJuIBjH.exe
  C:\Windows\System\FJuIBjH.exe
  2⤵
  PID:3616
- C:\Windows\System\tBTetqf.exe
  C:\Windows\System\tBTetqf.exe
  2⤵
  PID:3656
- C:\Windows\System\achjcHd.exe
  C:\Windows\System\achjcHd.exe
  2⤵
  PID:3704
- C:\Windows\System\NJezsCi.exe
  C:\Windows\System\NJezsCi.exe
  2⤵
  PID:3816
- C:\Windows\System\pMMwsoZ.exe
  C:\Windows\System\pMMwsoZ.exe
  2⤵
  PID:3856
- C:\Windows\System\UPHwQVU.exe
  C:\Windows\System\UPHwQVU.exe
  2⤵
  PID:3880
- C:\Windows\System\ToSDcmV.exe
  C:\Windows\System\ToSDcmV.exe
  2⤵
  PID:3936
- C:\Windows\System\WFmBKNE.exe
  C:\Windows\System\WFmBKNE.exe
  2⤵
  PID:4016
- C:\Windows\System\FgUZjPh.exe
  C:\Windows\System\FgUZjPh.exe
  2⤵
  PID:4044
- C:\Windows\System\nmsdTmV.exe
  C:\Windows\System\nmsdTmV.exe
  2⤵
  PID:1740
- C:\Windows\System\VbmGLUd.exe
  C:\Windows\System\VbmGLUd.exe
  2⤵
  PID:2568
- C:\Windows\System\MPMAWpe.exe
  C:\Windows\System\MPMAWpe.exe
  2⤵
  PID:2184
- C:\Windows\System\WNVpEQu.exe
  C:\Windows\System\WNVpEQu.exe
  2⤵
  PID:1096
- C:\Windows\System\xtlVtjo.exe
  C:\Windows\System\xtlVtjo.exe
  2⤵
  PID:3160
- C:\Windows\System\YFpYaCM.exe
  C:\Windows\System\YFpYaCM.exe
  2⤵
  PID:3276
- C:\Windows\System\ezUQvhv.exe
  C:\Windows\System\ezUQvhv.exe
  2⤵
  PID:3416
- C:\Windows\System\RPFvmrb.exe
  C:\Windows\System\RPFvmrb.exe
  2⤵
  PID:3420
- C:\Windows\System\EYpmzcG.exe
  C:\Windows\System\EYpmzcG.exe
  2⤵
  PID:3484
- C:\Windows\System\zeWdpOR.exe
  C:\Windows\System\zeWdpOR.exe
  2⤵
  PID:3600
- C:\Windows\System\OYjomUB.exe
  C:\Windows\System\OYjomUB.exe
  2⤵
  PID:3680
- C:\Windows\System\KIOmcYP.exe
  C:\Windows\System\KIOmcYP.exe
  2⤵
  PID:3836
- C:\Windows\System\cjbtkoj.exe
  C:\Windows\System\cjbtkoj.exe
  2⤵
  PID:2540
- C:\Windows\System\jWWICbb.exe
  C:\Windows\System\jWWICbb.exe
  2⤵
  PID:3944
- C:\Windows\System\hLPhWQR.exe
  C:\Windows\System\hLPhWQR.exe
  2⤵
  PID:4020
- C:\Windows\System\ZYfHCup.exe
  C:\Windows\System\ZYfHCup.exe
  2⤵
  PID:1604
- C:\Windows\System\KkenUDe.exe
  C:\Windows\System\KkenUDe.exe
  2⤵
  PID:740
- C:\Windows\System\lghGQUb.exe
  C:\Windows\System\lghGQUb.exe
  2⤵
  PID:3080
- C:\Windows\System\DmiqRXr.exe
  C:\Windows\System\DmiqRXr.exe
  2⤵
  PID:4116
- C:\Windows\System\UtENjAW.exe
  C:\Windows\System\UtENjAW.exe
  2⤵
  PID:4136
- C:\Windows\System\AzATffB.exe
  C:\Windows\System\AzATffB.exe
  2⤵
  PID:4156
- C:\Windows\System\uBdXbBx.exe
  C:\Windows\System\uBdXbBx.exe
  2⤵
  PID:4172
- C:\Windows\System\uIrsQPw.exe
  C:\Windows\System\uIrsQPw.exe
  2⤵
  PID:4196
- C:\Windows\System\DkZYJrZ.exe
  C:\Windows\System\DkZYJrZ.exe
  2⤵
  PID:4216
- C:\Windows\System\WAQMlOl.exe
  C:\Windows\System\WAQMlOl.exe
  2⤵
  PID:4236
- C:\Windows\System\AJmUWLp.exe
  C:\Windows\System\AJmUWLp.exe
  2⤵
  PID:4256
- C:\Windows\System\goQCqjt.exe
  C:\Windows\System\goQCqjt.exe
  2⤵
  PID:4276
- C:\Windows\System\nUTmNQz.exe
  C:\Windows\System\nUTmNQz.exe
  2⤵
  PID:4296
- C:\Windows\System\HksirQB.exe
  C:\Windows\System\HksirQB.exe
  2⤵
  PID:4316
- C:\Windows\System\Mfowfmj.exe
  C:\Windows\System\Mfowfmj.exe
  2⤵
  PID:4336
- C:\Windows\System\UHyonPd.exe
  C:\Windows\System\UHyonPd.exe
  2⤵
  PID:4356
- C:\Windows\System\cjJSLCg.exe
  C:\Windows\System\cjJSLCg.exe
  2⤵
  PID:4372
- C:\Windows\System\wDYTixW.exe
  C:\Windows\System\wDYTixW.exe
  2⤵
  PID:4396
- C:\Windows\System\aKqBGNp.exe
  C:\Windows\System\aKqBGNp.exe
  2⤵
  PID:4416
- C:\Windows\System\BHAkTTR.exe
  C:\Windows\System\BHAkTTR.exe
  2⤵
  PID:4436
- C:\Windows\System\KsEeYNR.exe
  C:\Windows\System\KsEeYNR.exe
  2⤵
  PID:4456
- C:\Windows\System\pLuYDFN.exe
  C:\Windows\System\pLuYDFN.exe
  2⤵
  PID:4476
- C:\Windows\System\HOIUQMc.exe
  C:\Windows\System\HOIUQMc.exe
  2⤵
  PID:4492
- C:\Windows\System\zFGYXjb.exe
  C:\Windows\System\zFGYXjb.exe
  2⤵
  PID:4520
- C:\Windows\System\mLiuhFy.exe
  C:\Windows\System\mLiuhFy.exe
  2⤵
  PID:4540
- C:\Windows\System\zMsmbbv.exe
  C:\Windows\System\zMsmbbv.exe
  2⤵
  PID:4560
- C:\Windows\System\ZmmwTjT.exe
  C:\Windows\System\ZmmwTjT.exe
  2⤵
  PID:4580
- C:\Windows\System\EYHudtX.exe
  C:\Windows\System\EYHudtX.exe
  2⤵
  PID:4600
- C:\Windows\System\DOCocJX.exe
  C:\Windows\System\DOCocJX.exe
  2⤵
  PID:4620
- C:\Windows\System\VzxzAHM.exe
  C:\Windows\System\VzxzAHM.exe
  2⤵
  PID:4640
- C:\Windows\System\wArslja.exe
  C:\Windows\System\wArslja.exe
  2⤵
  PID:4660
- C:\Windows\System\gIhjrVN.exe
  C:\Windows\System\gIhjrVN.exe
  2⤵
  PID:4680
- C:\Windows\System\DhaFYVP.exe
  C:\Windows\System\DhaFYVP.exe
  2⤵
  PID:4700
- C:\Windows\System\OaOiRxi.exe
  C:\Windows\System\OaOiRxi.exe
  2⤵
  PID:4720
- C:\Windows\System\hTrKhnO.exe
  C:\Windows\System\hTrKhnO.exe
  2⤵
  PID:4740
- C:\Windows\System\xfFtGrm.exe
  C:\Windows\System\xfFtGrm.exe
  2⤵
  PID:4760
- C:\Windows\System\RHhlbJo.exe
  C:\Windows\System\RHhlbJo.exe
  2⤵
  PID:4780
- C:\Windows\System\vlHAHct.exe
  C:\Windows\System\vlHAHct.exe
  2⤵
  PID:4800
- C:\Windows\System\xAJBbPL.exe
  C:\Windows\System\xAJBbPL.exe
  2⤵
  PID:4820
- C:\Windows\System\TaXYbmi.exe
  C:\Windows\System\TaXYbmi.exe
  2⤵
  PID:4840
- C:\Windows\System\MoUVTnH.exe
  C:\Windows\System\MoUVTnH.exe
  2⤵
  PID:4860
- C:\Windows\System\DRSvaVW.exe
  C:\Windows\System\DRSvaVW.exe
  2⤵
  PID:4880
- C:\Windows\System\nAzqxtF.exe
  C:\Windows\System\nAzqxtF.exe
  2⤵
  PID:4900
- C:\Windows\System\QgtThaZ.exe
  C:\Windows\System\QgtThaZ.exe
  2⤵
  PID:4920
- C:\Windows\System\uYmlLlH.exe
  C:\Windows\System\uYmlLlH.exe
  2⤵
  PID:4940
- C:\Windows\System\fowSNdF.exe
  C:\Windows\System\fowSNdF.exe
  2⤵
  PID:4960
- C:\Windows\System\oNjcFsI.exe
  C:\Windows\System\oNjcFsI.exe
  2⤵
  PID:4980
- C:\Windows\System\zJogDTG.exe
  C:\Windows\System\zJogDTG.exe
  2⤵
  PID:5000
- C:\Windows\System\JVJwXjp.exe
  C:\Windows\System\JVJwXjp.exe
  2⤵
  PID:5024
- C:\Windows\System\dTCGnjN.exe
  C:\Windows\System\dTCGnjN.exe
  2⤵
  PID:5044
- C:\Windows\System\aWQQCHX.exe
  C:\Windows\System\aWQQCHX.exe
  2⤵
  PID:5064
- C:\Windows\System\GnQihBz.exe
  C:\Windows\System\GnQihBz.exe
  2⤵
  PID:5084
- C:\Windows\System\TTiUXle.exe
  C:\Windows\System\TTiUXle.exe
  2⤵
  PID:5104
- C:\Windows\System\kjLqRGs.exe
  C:\Windows\System\kjLqRGs.exe
  2⤵
  PID:3264
- C:\Windows\System\vvuFsLV.exe
  C:\Windows\System\vvuFsLV.exe
  2⤵
  PID:3464
- C:\Windows\System\AtynNfv.exe
  C:\Windows\System\AtynNfv.exe
  2⤵
  PID:3500
- C:\Windows\System\lVXYweN.exe
  C:\Windows\System\lVXYweN.exe
  2⤵
  PID:3624
- C:\Windows\System\HHXQHOC.exe
  C:\Windows\System\HHXQHOC.exe
  2⤵
  PID:3744
- C:\Windows\System\ripAvFR.exe
  C:\Windows\System\ripAvFR.exe
  2⤵
  PID:832
- C:\Windows\System\LXfIQBU.exe
  C:\Windows\System\LXfIQBU.exe
  2⤵
  PID:2240
- C:\Windows\System\PyeAOkf.exe
  C:\Windows\System\PyeAOkf.exe
  2⤵
  PID:4104
- C:\Windows\System\hjIThHr.exe
  C:\Windows\System\hjIThHr.exe
  2⤵
  PID:3164
- C:\Windows\System\tewBLQQ.exe
  C:\Windows\System\tewBLQQ.exe
  2⤵
  PID:4132
- C:\Windows\System\JqkHZRT.exe
  C:\Windows\System\JqkHZRT.exe
  2⤵
  PID:4192
- C:\Windows\System\mnTVAAu.exe
  C:\Windows\System\mnTVAAu.exe
  2⤵
  PID:4212
- C:\Windows\System\BFnUstU.exe
  C:\Windows\System\BFnUstU.exe
  2⤵
  PID:4272
- C:\Windows\System\hYtRikm.exe
  C:\Windows\System\hYtRikm.exe
  2⤵
  PID:4284
- C:\Windows\System\zVqLZyX.exe
  C:\Windows\System\zVqLZyX.exe
  2⤵
  PID:4288
- C:\Windows\System\ICeUgcx.exe
  C:\Windows\System\ICeUgcx.exe
  2⤵
  PID:4332
- C:\Windows\System\yBYgAKk.exe
  C:\Windows\System\yBYgAKk.exe
  2⤵
  PID:4392
- C:\Windows\System\ScJhYDc.exe
  C:\Windows\System\ScJhYDc.exe
  2⤵
  PID:4424
- C:\Windows\System\mjGtCGG.exe
  C:\Windows\System\mjGtCGG.exe
  2⤵
  PID:4452
- C:\Windows\System\vLcXWHD.exe
  C:\Windows\System\vLcXWHD.exe
  2⤵
  PID:4484
- C:\Windows\System\HBesGuc.exe
  C:\Windows\System\HBesGuc.exe
  2⤵
  PID:4508
- C:\Windows\System\hyBiIzn.exe
  C:\Windows\System\hyBiIzn.exe
  2⤵
  PID:4556
- C:\Windows\System\eckZnKO.exe
  C:\Windows\System\eckZnKO.exe
  2⤵
  PID:4596
- C:\Windows\System\yUTyMGW.exe
  C:\Windows\System\yUTyMGW.exe
  2⤵
  PID:4636
- C:\Windows\System\QVfiisi.exe
  C:\Windows\System\QVfiisi.exe
  2⤵
  PID:4656
- C:\Windows\System\gZrzMIW.exe
  C:\Windows\System\gZrzMIW.exe
  2⤵
  PID:4652
- C:\Windows\System\RmZrSkV.exe
  C:\Windows\System\RmZrSkV.exe
  2⤵
  PID:4716
- C:\Windows\System\ABWdPsE.exe
  C:\Windows\System\ABWdPsE.exe
  2⤵
  PID:4732
- C:\Windows\System\aybgzxM.exe
  C:\Windows\System\aybgzxM.exe
  2⤵
  PID:4772
- C:\Windows\System\QprksVl.exe
  C:\Windows\System\QprksVl.exe
  2⤵
  PID:4816
- C:\Windows\System\lLKwtPB.exe
  C:\Windows\System\lLKwtPB.exe
  2⤵
  PID:2496
- C:\Windows\System\gtCyAFL.exe
  C:\Windows\System\gtCyAFL.exe
  2⤵
  PID:4872
- C:\Windows\System\ceccXPl.exe
  C:\Windows\System\ceccXPl.exe
  2⤵
  PID:4912
- C:\Windows\System\qPqWzwf.exe
  C:\Windows\System\qPqWzwf.exe
  2⤵
  PID:4932
- C:\Windows\System\ELUlAaC.exe
  C:\Windows\System\ELUlAaC.exe
  2⤵
  PID:4968
- C:\Windows\System\gNOAuZT.exe
  C:\Windows\System\gNOAuZT.exe
  2⤵
  PID:4996
- C:\Windows\System\APtHnzw.exe
  C:\Windows\System\APtHnzw.exe
  2⤵
  PID:5036
- C:\Windows\System\lvOPqgX.exe
  C:\Windows\System\lvOPqgX.exe
  2⤵
  PID:5080
- C:\Windows\System\hUDzwgz.exe
  C:\Windows\System\hUDzwgz.exe
  2⤵
  PID:3104
- C:\Windows\System\mthMlyn.exe
  C:\Windows\System\mthMlyn.exe
  2⤵
  PID:3284
- C:\Windows\System\DuAcTqW.exe
  C:\Windows\System\DuAcTqW.exe
  2⤵
  PID:3576
- C:\Windows\System\QlxHcpb.exe
  C:\Windows\System\QlxHcpb.exe
  2⤵
  PID:3720
- C:\Windows\System\VtbdERR.exe
  C:\Windows\System\VtbdERR.exe
  2⤵
  PID:3960
- C:\Windows\System\MRujjhC.exe
  C:\Windows\System\MRujjhC.exe
  2⤵
  PID:1840
- C:\Windows\System\qtREbDl.exe
  C:\Windows\System\qtREbDl.exe
  2⤵
  PID:4180
- C:\Windows\System\nOSrqoH.exe
  C:\Windows\System\nOSrqoH.exe
  2⤵
  PID:4168
- C:\Windows\System\DNrssKJ.exe
  C:\Windows\System\DNrssKJ.exe
  2⤵
  PID:4248
- C:\Windows\System\mNwpBgi.exe
  C:\Windows\System\mNwpBgi.exe
  2⤵
  PID:4308
- C:\Windows\System\oNCdcBE.exe
  C:\Windows\System\oNCdcBE.exe
  2⤵
  PID:4348
- C:\Windows\System\hFqfGoI.exe
  C:\Windows\System\hFqfGoI.exe
  2⤵
  PID:4404
- C:\Windows\System\mldfxzY.exe
  C:\Windows\System\mldfxzY.exe
  2⤵
  PID:4512
- C:\Windows\System\tmmhqPw.exe
  C:\Windows\System\tmmhqPw.exe
  2⤵
  PID:4548
- C:\Windows\System\qWMtrGm.exe
  C:\Windows\System\qWMtrGm.exe
  2⤵
  PID:4648
- C:\Windows\System\oTazTcH.exe
  C:\Windows\System\oTazTcH.exe
  2⤵
  PID:4632
- C:\Windows\System\lthyrHD.exe
  C:\Windows\System\lthyrHD.exe
  2⤵
  PID:1480
- C:\Windows\System\sQpwpAG.exe
  C:\Windows\System\sQpwpAG.exe
  2⤵
  PID:4728
- C:\Windows\System\eDSUrCc.exe
  C:\Windows\System\eDSUrCc.exe
  2⤵
  PID:4792
- C:\Windows\System\HTRelsw.exe
  C:\Windows\System\HTRelsw.exe
  2⤵
  PID:4808
- C:\Windows\System\UCxYoUJ.exe
  C:\Windows\System\UCxYoUJ.exe
  2⤵
  PID:4852
- C:\Windows\System\MMSyDAz.exe
  C:\Windows\System\MMSyDAz.exe
  2⤵
  PID:4856
- C:\Windows\System\cgijnbU.exe
  C:\Windows\System\cgijnbU.exe
  2⤵
  PID:4936
- C:\Windows\System\SrzZLfn.exe
  C:\Windows\System\SrzZLfn.exe
  2⤵
  PID:5016
- C:\Windows\System\PGRrepy.exe
  C:\Windows\System\PGRrepy.exe
  2⤵
  PID:5092
- C:\Windows\System\xehxRBZ.exe
  C:\Windows\System\xehxRBZ.exe
  2⤵
  PID:3440
- C:\Windows\System\yEJZueJ.exe
  C:\Windows\System\yEJZueJ.exe
  2⤵
  PID:4040
- C:\Windows\System\yCwvNia.exe
  C:\Windows\System\yCwvNia.exe
  2⤵
  PID:3040
- C:\Windows\System\igfbdPu.exe
  C:\Windows\System\igfbdPu.exe
  2⤵
  PID:4108
- C:\Windows\System\YitAXGR.exe
  C:\Windows\System\YitAXGR.exe
  2⤵
  PID:4264
- C:\Windows\System\KgbziAX.exe
  C:\Windows\System\KgbziAX.exe
  2⤵
  PID:4384
- C:\Windows\System\bNdDfwq.exe
  C:\Windows\System\bNdDfwq.exe
  2⤵
  PID:4244
- C:\Windows\System\wQcFYiM.exe
  C:\Windows\System\wQcFYiM.exe
  2⤵
  PID:4368
- C:\Windows\System\FyoMDTf.exe
  C:\Windows\System\FyoMDTf.exe
  2⤵
  PID:4472
- C:\Windows\System\VVGhPGR.exe
  C:\Windows\System\VVGhPGR.exe
  2⤵
  PID:4628
- C:\Windows\System\AXZgCnY.exe
  C:\Windows\System\AXZgCnY.exe
  2⤵
  PID:4916
- C:\Windows\System\WxWeHYK.exe
  C:\Windows\System\WxWeHYK.exe
  2⤵
  PID:2648
- C:\Windows\System\CIXqIDy.exe
  C:\Windows\System\CIXqIDy.exe
  2⤵
  PID:4892
- C:\Windows\System\BaPzjea.exe
  C:\Windows\System\BaPzjea.exe
  2⤵
  PID:5132
- C:\Windows\System\piCohxW.exe
  C:\Windows\System\piCohxW.exe
  2⤵
  PID:5152
- C:\Windows\System\uWHBOlB.exe
  C:\Windows\System\uWHBOlB.exe
  2⤵
  PID:5172
- C:\Windows\System\BTLwbqB.exe
  C:\Windows\System\BTLwbqB.exe
  2⤵
  PID:5192
- C:\Windows\System\GxPZziZ.exe
  C:\Windows\System\GxPZziZ.exe
  2⤵
  PID:5212
- C:\Windows\System\vDbUdXP.exe
  C:\Windows\System\vDbUdXP.exe
  2⤵
  PID:5232
- C:\Windows\System\DjInvYx.exe
  C:\Windows\System\DjInvYx.exe
  2⤵
  PID:5252
- C:\Windows\System\WAwlrQc.exe
  C:\Windows\System\WAwlrQc.exe
  2⤵
  PID:5272
- C:\Windows\System\YSSyVlT.exe
  C:\Windows\System\YSSyVlT.exe
  2⤵
  PID:5292
- C:\Windows\System\VXTIOZu.exe
  C:\Windows\System\VXTIOZu.exe
  2⤵
  PID:5312
- C:\Windows\System\wPQRlFY.exe
  C:\Windows\System\wPQRlFY.exe
  2⤵
  PID:5332
- C:\Windows\System\usikquo.exe
  C:\Windows\System\usikquo.exe
  2⤵
  PID:5352
- C:\Windows\System\wwrqXBw.exe
  C:\Windows\System\wwrqXBw.exe
  2⤵
  PID:5372
- C:\Windows\System\dTJIoGO.exe
  C:\Windows\System\dTJIoGO.exe
  2⤵
  PID:5392
- C:\Windows\System\UezgQAN.exe
  C:\Windows\System\UezgQAN.exe
  2⤵
  PID:5412
- C:\Windows\System\XqXnsHw.exe
  C:\Windows\System\XqXnsHw.exe
  2⤵
  PID:5432
- C:\Windows\System\euITARq.exe
  C:\Windows\System\euITARq.exe
  2⤵
  PID:5452
- C:\Windows\System\qhwHHhw.exe
  C:\Windows\System\qhwHHhw.exe
  2⤵
  PID:5468
- C:\Windows\System\IxhPgLL.exe
  C:\Windows\System\IxhPgLL.exe
  2⤵
  PID:5492
- C:\Windows\System\nOScAdo.exe
  C:\Windows\System\nOScAdo.exe
  2⤵
  PID:5512
- C:\Windows\System\ZUKvZRT.exe
  C:\Windows\System\ZUKvZRT.exe
  2⤵
  PID:5532
- C:\Windows\System\WgBBZHu.exe
  C:\Windows\System\WgBBZHu.exe
  2⤵
  PID:5548
- C:\Windows\System\xCwMQQm.exe
  C:\Windows\System\xCwMQQm.exe
  2⤵
  PID:5572
- C:\Windows\System\MBOSzlO.exe
  C:\Windows\System\MBOSzlO.exe
  2⤵
  PID:5592
- C:\Windows\System\CocJdFQ.exe
  C:\Windows\System\CocJdFQ.exe
  2⤵
  PID:5612
- C:\Windows\System\YzGtKRW.exe
  C:\Windows\System\YzGtKRW.exe
  2⤵
  PID:5632
- C:\Windows\System\JvkPkLV.exe
  C:\Windows\System\JvkPkLV.exe
  2⤵
  PID:5652
- C:\Windows\System\HQyLGiH.exe
  C:\Windows\System\HQyLGiH.exe
  2⤵
  PID:5672
- C:\Windows\System\dAYTsuv.exe
  C:\Windows\System\dAYTsuv.exe
  2⤵
  PID:5692
- C:\Windows\System\FaZhviA.exe
  C:\Windows\System\FaZhviA.exe
  2⤵
  PID:5712
- C:\Windows\System\GDGVIwR.exe
  C:\Windows\System\GDGVIwR.exe
  2⤵
  PID:5732
- C:\Windows\System\wbiQvKa.exe
  C:\Windows\System\wbiQvKa.exe
  2⤵
  PID:5748
- C:\Windows\System\jlWQIrt.exe
  C:\Windows\System\jlWQIrt.exe
  2⤵
  PID:5772
- C:\Windows\System\kMBUDFq.exe
  C:\Windows\System\kMBUDFq.exe
  2⤵
  PID:5792
- C:\Windows\System\vWeDoeC.exe
  C:\Windows\System\vWeDoeC.exe
  2⤵
  PID:5812
- C:\Windows\System\cBuVmyb.exe
  C:\Windows\System\cBuVmyb.exe
  2⤵
  PID:5832
- C:\Windows\System\gyJeDjO.exe
  C:\Windows\System\gyJeDjO.exe
  2⤵
  PID:5852
- C:\Windows\System\HSZMcPp.exe
  C:\Windows\System\HSZMcPp.exe
  2⤵
  PID:5872
- C:\Windows\System\tdeoOmb.exe
  C:\Windows\System\tdeoOmb.exe
  2⤵
  PID:5892
- C:\Windows\System\NSoNWpQ.exe
  C:\Windows\System\NSoNWpQ.exe
  2⤵
  PID:5912
- C:\Windows\System\qwziSTt.exe
  C:\Windows\System\qwziSTt.exe
  2⤵
  PID:5932
- C:\Windows\System\slBFSUw.exe
  C:\Windows\System\slBFSUw.exe
  2⤵
  PID:5952
- C:\Windows\System\iupBSRG.exe
  C:\Windows\System\iupBSRG.exe
  2⤵
  PID:5972
- C:\Windows\System\rwXFKBR.exe
  C:\Windows\System\rwXFKBR.exe
  2⤵
  PID:5992
- C:\Windows\System\HODOaLp.exe
  C:\Windows\System\HODOaLp.exe
  2⤵
  PID:6012
- C:\Windows\System\zBuWNio.exe
  C:\Windows\System\zBuWNio.exe
  2⤵
  PID:6032
- C:\Windows\System\bcYxron.exe
  C:\Windows\System\bcYxron.exe
  2⤵
  PID:6052
- C:\Windows\System\zTDMshD.exe
  C:\Windows\System\zTDMshD.exe
  2⤵
  PID:6072
- C:\Windows\System\kihLpaE.exe
  C:\Windows\System\kihLpaE.exe
  2⤵
  PID:6092
- C:\Windows\System\xvSRVst.exe
  C:\Windows\System\xvSRVst.exe
  2⤵
  PID:6112
- C:\Windows\System\cThEcCk.exe
  C:\Windows\System\cThEcCk.exe
  2⤵
  PID:6132
- C:\Windows\System\EFSDCkR.exe
  C:\Windows\System\EFSDCkR.exe
  2⤵
  PID:4848
- C:\Windows\System\rbTlAKk.exe
  C:\Windows\System\rbTlAKk.exe
  2⤵
  PID:5008
- C:\Windows\System\LeJHAkb.exe
  C:\Windows\System\LeJHAkb.exe
  2⤵
  PID:3996
- C:\Windows\System\ObOQdey.exe
  C:\Windows\System\ObOQdey.exe
  2⤵
  PID:4084
- C:\Windows\System\ipGsnaf.exe
  C:\Windows\System\ipGsnaf.exe
  2⤵
  PID:3736
- C:\Windows\System\DVwoscz.exe
  C:\Windows\System\DVwoscz.exe
  2⤵
  PID:4228
- C:\Windows\System\uCYdfQC.exe
  C:\Windows\System\uCYdfQC.exe
  2⤵
  PID:4612
- C:\Windows\System\vYBpgkw.exe
  C:\Windows\System\vYBpgkw.exe
  2⤵
  PID:4568
- C:\Windows\System\kJopzQj.exe
  C:\Windows\System\kJopzQj.exe
  2⤵
  PID:4676
- C:\Windows\System\UOfXLOJ.exe
  C:\Windows\System\UOfXLOJ.exe
  2⤵
  PID:4788
- C:\Windows\System\AlYogGR.exe
  C:\Windows\System\AlYogGR.exe
  2⤵
  PID:4832
- C:\Windows\System\IRTbdCU.exe
  C:\Windows\System\IRTbdCU.exe
  2⤵
  PID:5168
- C:\Windows\System\NfHzZKL.exe
  C:\Windows\System\NfHzZKL.exe
  2⤵
  PID:632
- C:\Windows\System\jAVAtGj.exe
  C:\Windows\System\jAVAtGj.exe
  2⤵
  PID:5204
- C:\Windows\System\oXPmIPY.exe
  C:\Windows\System\oXPmIPY.exe
  2⤵
  PID:5248
- C:\Windows\System\dGTNwJV.exe
  C:\Windows\System\dGTNwJV.exe
  2⤵
  PID:5288
- C:\Windows\System\YgtxGsh.exe
  C:\Windows\System\YgtxGsh.exe
  2⤵
  PID:5320
- C:\Windows\System\yUSNmyE.exe
  C:\Windows\System\yUSNmyE.exe
  2⤵
  PID:5308
- C:\Windows\System\pnrCkiu.exe
  C:\Windows\System\pnrCkiu.exe
  2⤵
  PID:5348
- C:\Windows\System\BjrfsNf.exe
  C:\Windows\System\BjrfsNf.exe
  2⤵
  PID:5404
- C:\Windows\System\zAQKSav.exe
  C:\Windows\System\zAQKSav.exe
  2⤵
  PID:5448
- C:\Windows\System\LAhZIXr.exe
  C:\Windows\System\LAhZIXr.exe
  2⤵
  PID:1332
- C:\Windows\System\VaGpCXA.exe
  C:\Windows\System\VaGpCXA.exe
  2⤵
  PID:5480
- C:\Windows\System\opkQRtR.exe
  C:\Windows\System\opkQRtR.exe
  2⤵
  PID:5528
- C:\Windows\System\otHTfhj.exe
  C:\Windows\System\otHTfhj.exe
  2⤵
  PID:1812
- C:\Windows\System\PpCatOc.exe
  C:\Windows\System\PpCatOc.exe
  2⤵
  PID:5544
- C:\Windows\System\jRUjsBq.exe
  C:\Windows\System\jRUjsBq.exe
  2⤵
  PID:5584
- C:\Windows\System\zCnXVnm.exe
  C:\Windows\System\zCnXVnm.exe
  2⤵
  PID:5648
- C:\Windows\System\pyAxaCp.exe
  C:\Windows\System\pyAxaCp.exe
  2⤵
  PID:5680
- C:\Windows\System\HWkjwns.exe
  C:\Windows\System\HWkjwns.exe
  2⤵
  PID:5724
- C:\Windows\System\WRNRHSp.exe
  C:\Windows\System\WRNRHSp.exe
  2⤵
  PID:5700
- C:\Windows\System\OlfidVM.exe
  C:\Windows\System\OlfidVM.exe
  2⤵
  PID:5760
- C:\Windows\System\SQMvqDa.exe
  C:\Windows\System\SQMvqDa.exe
  2⤵
  PID:5744
- C:\Windows\System\GpsfLPQ.exe
  C:\Windows\System\GpsfLPQ.exe
  2⤵
  PID:1372
- C:\Windows\System\buPRCBJ.exe
  C:\Windows\System\buPRCBJ.exe
  2⤵
  PID:5780
- C:\Windows\System\jSycEAu.exe
  C:\Windows\System\jSycEAu.exe
  2⤵
  PID:5824
- C:\Windows\System\QLuUiWf.exe
  C:\Windows\System\QLuUiWf.exe
  2⤵
  PID:5860
- C:\Windows\System\FVVYrbR.exe
  C:\Windows\System\FVVYrbR.exe
  2⤵
  PID:5920
- C:\Windows\System\jqBnzHX.exe
  C:\Windows\System\jqBnzHX.exe
  2⤵
  PID:5904
- C:\Windows\System\cUlXkHd.exe
  C:\Windows\System\cUlXkHd.exe
  2⤵
  PID:5968
- C:\Windows\System\pwFyhdL.exe
  C:\Windows\System\pwFyhdL.exe
  2⤵
  PID:5988
- C:\Windows\System\uobvafO.exe
  C:\Windows\System\uobvafO.exe
  2⤵
  PID:6088
- C:\Windows\System\gMvAJCN.exe
  C:\Windows\System\gMvAJCN.exe
  2⤵
  PID:6064
- C:\Windows\System\lFgbHGS.exe
  C:\Windows\System\lFgbHGS.exe
  2⤵
  PID:6104
- C:\Windows\System\jsPthAh.exe
  C:\Windows\System\jsPthAh.exe
  2⤵
  PID:5056
- C:\Windows\System\JNBSnOR.exe
  C:\Windows\System\JNBSnOR.exe
  2⤵
  PID:5060
- C:\Windows\System\UsMQFvo.exe
  C:\Windows\System\UsMQFvo.exe
  2⤵
  PID:5100
- C:\Windows\System\zhAKcWB.exe
  C:\Windows\System\zhAKcWB.exe
  2⤵
  PID:5096
- C:\Windows\System\vhyEqXJ.exe
  C:\Windows\System\vhyEqXJ.exe
  2⤵
  PID:2792
- C:\Windows\System\gbJeTOq.exe
  C:\Windows\System\gbJeTOq.exe
  2⤵
  PID:4692
- C:\Windows\System\pZqOFyu.exe
  C:\Windows\System\pZqOFyu.exe
  2⤵
  PID:5160
- C:\Windows\System\uCIvuYm.exe
  C:\Windows\System\uCIvuYm.exe
  2⤵
  PID:5148
- C:\Windows\System\ltCQTLJ.exe
  C:\Windows\System\ltCQTLJ.exe
  2⤵
  PID:1268
- C:\Windows\System\omcoYyR.exe
  C:\Windows\System\omcoYyR.exe
  2⤵
  PID:5280
- C:\Windows\System\bdPWjMy.exe
  C:\Windows\System\bdPWjMy.exe
  2⤵
  PID:5284
- C:\Windows\System\mstUijQ.exe
  C:\Windows\System\mstUijQ.exe
  2⤵
  PID:5300
- C:\Windows\System\ramXLFw.exe
  C:\Windows\System\ramXLFw.exe
  2⤵
  PID:5368
- C:\Windows\System\nbZcKEh.exe
  C:\Windows\System\nbZcKEh.exe
  2⤵
  PID:5440
- C:\Windows\System\ggMQgHs.exe
  C:\Windows\System\ggMQgHs.exe
  2⤵
  PID:1828
- C:\Windows\System\zHRYeSO.exe
  C:\Windows\System\zHRYeSO.exe
  2⤵
  PID:1844
- C:\Windows\System\crlivTd.exe
  C:\Windows\System\crlivTd.exe
  2⤵
  PID:1796
- C:\Windows\System\VNhfDcQ.exe
  C:\Windows\System\VNhfDcQ.exe
  2⤵
  PID:1800
- C:\Windows\System\fGpKbNx.exe
  C:\Windows\System\fGpKbNx.exe
  2⤵
  PID:1820
- C:\Windows\System\nzKMLIo.exe
  C:\Windows\System\nzKMLIo.exe
  2⤵
  PID:332
- C:\Windows\System\dxNfmFN.exe
  C:\Windows\System\dxNfmFN.exe
  2⤵
  PID:1856
- C:\Windows\System\fBesDrS.exe
  C:\Windows\System\fBesDrS.exe
  2⤵
  PID:1040
- C:\Windows\System\gSXsHFs.exe
  C:\Windows\System\gSXsHFs.exe
  2⤵
  PID:1900
- C:\Windows\System\XLjjwEF.exe
  C:\Windows\System\XLjjwEF.exe
  2⤵
  PID:448
- C:\Windows\System\PHgLNXo.exe
  C:\Windows\System\PHgLNXo.exe
  2⤵
  PID:2824
- C:\Windows\System\QyMKdiA.exe
  C:\Windows\System\QyMKdiA.exe
  2⤵
  PID:2532
- C:\Windows\System\XugHFoV.exe
  C:\Windows\System\XugHFoV.exe
  2⤵
  PID:1992
- C:\Windows\System\yXuFJCh.exe
  C:\Windows\System\yXuFJCh.exe
  2⤵
  PID:1028
- C:\Windows\System\luzwOYz.exe
  C:\Windows\System\luzwOYz.exe
  2⤵
  PID:2944
- C:\Windows\System\uadsjTv.exe
  C:\Windows\System\uadsjTv.exe
  2⤵
  PID:5500
- C:\Windows\System\xrqCCLO.exe
  C:\Windows\System\xrqCCLO.exe
  2⤵
  PID:5568
- C:\Windows\System\QuZKtXr.exe
  C:\Windows\System\QuZKtXr.exe
  2⤵
  PID:5628
- C:\Windows\System\IykAnyn.exe
  C:\Windows\System\IykAnyn.exe
  2⤵
  PID:5640
- C:\Windows\System\xjpWvIh.exe
  C:\Windows\System\xjpWvIh.exe
  2⤵
  PID:5756
- C:\Windows\System\uCwRSNh.exe
  C:\Windows\System\uCwRSNh.exe
  2⤵
  PID:5848
- C:\Windows\System\iZEyoyX.exe
  C:\Windows\System\iZEyoyX.exe
  2⤵
  PID:5880
- C:\Windows\System\gaehgnQ.exe
  C:\Windows\System\gaehgnQ.exe
  2⤵
  PID:5940
- C:\Windows\System\taidejt.exe
  C:\Windows\System\taidejt.exe
  2⤵
  PID:5944
- C:\Windows\System\sjdtfTe.exe
  C:\Windows\System\sjdtfTe.exe
  2⤵
  PID:5808
- C:\Windows\System\wQZZMIm.exe
  C:\Windows\System\wQZZMIm.exe
  2⤵
  PID:6004
- C:\Windows\System\cLEPREb.exe
  C:\Windows\System\cLEPREb.exe
  2⤵
  PID:6024
- C:\Windows\System\zzxmeTn.exe
  C:\Windows\System\zzxmeTn.exe
  2⤵
  PID:6140
- C:\Windows\System\oTBWvRT.exe
  C:\Windows\System\oTBWvRT.exe
  2⤵
  PID:5040
- C:\Windows\System\zxMadCb.exe
  C:\Windows\System\zxMadCb.exe
  2⤵
  PID:4292
- C:\Windows\System\DyBtLSS.exe
  C:\Windows\System\DyBtLSS.exe
  2⤵
  PID:3404
- C:\Windows\System\RiqVbwb.exe
  C:\Windows\System\RiqVbwb.exe
  2⤵
  PID:5208
- C:\Windows\System\jdmnCIC.exe
  C:\Windows\System\jdmnCIC.exe
  2⤵
  PID:2724
- C:\Windows\System\ozxfCgi.exe
  C:\Windows\System\ozxfCgi.exe
  2⤵
  PID:5304
- C:\Windows\System\uoVWpGU.exe
  C:\Windows\System\uoVWpGU.exe
  2⤵
  PID:5400
- C:\Windows\System\AbRtkIq.exe
  C:\Windows\System\AbRtkIq.exe
  2⤵
  PID:4516
- C:\Windows\System\mvyvdMg.exe
  C:\Windows\System\mvyvdMg.exe
  2⤵
  PID:796
- C:\Windows\System\LYWQyvH.exe
  C:\Windows\System\LYWQyvH.exe
  2⤵
  PID:2252
- C:\Windows\System\DOlPUXA.exe
  C:\Windows\System\DOlPUXA.exe
  2⤵
  PID:1292
- C:\Windows\System\WILRbbO.exe
  C:\Windows\System\WILRbbO.exe
  2⤵
  PID:2152
- C:\Windows\System\mZmcLxh.exe
  C:\Windows\System\mZmcLxh.exe
  2⤵
  PID:1764
- C:\Windows\System\HKKuOnh.exe
  C:\Windows\System\HKKuOnh.exe
  2⤵
  PID:5484
- C:\Windows\System\zwKZqzy.exe
  C:\Windows\System\zwKZqzy.exe
  2⤵
  PID:5520
- C:\Windows\System\VnACUri.exe
  C:\Windows\System\VnACUri.exe
  2⤵
  PID:2408
- C:\Windows\System\QndFJSW.exe
  C:\Windows\System\QndFJSW.exe
  2⤵
  PID:2140
- C:\Windows\System\eMWGawX.exe
  C:\Windows\System\eMWGawX.exe
  2⤵
  PID:912
- C:\Windows\System\kBKMkWj.exe
  C:\Windows\System\kBKMkWj.exe
  2⤵
  PID:5620
- C:\Windows\System\inratMP.exe
  C:\Windows\System\inratMP.exe
  2⤵
  PID:5740
- C:\Windows\System\IqXpWYK.exe
  C:\Windows\System\IqXpWYK.exe
  2⤵
  PID:6048
- C:\Windows\System\dQLLddO.exe
  C:\Windows\System\dQLLddO.exe
  2⤵
  PID:4224
- C:\Windows\System\IATxDSa.exe
  C:\Windows\System\IATxDSa.exe
  2⤵
  PID:2104
- C:\Windows\System\YuiJOPN.exe
  C:\Windows\System\YuiJOPN.exe
  2⤵
  PID:5220
- C:\Windows\System\kzLQhmY.exe
  C:\Windows\System\kzLQhmY.exe
  2⤵
  PID:1780
- C:\Windows\System\izDMOkm.exe
  C:\Windows\System\izDMOkm.exe
  2⤵
  PID:5884
- C:\Windows\System\zZjweWH.exe
  C:\Windows\System\zZjweWH.exe
  2⤵
  PID:6068
- C:\Windows\System\KWoGMGM.exe
  C:\Windows\System\KWoGMGM.exe
  2⤵
  PID:2584
- C:\Windows\System\ZvNaWuI.exe
  C:\Windows\System\ZvNaWuI.exe
  2⤵
  PID:2044
- C:\Windows\System\oLdnJcN.exe
  C:\Windows\System\oLdnJcN.exe
  2⤵
  PID:1476
- C:\Windows\System\zTwTdZt.exe
  C:\Windows\System\zTwTdZt.exe
  2⤵
  PID:2192
- C:\Windows\System\ClYPOLJ.exe
  C:\Windows\System\ClYPOLJ.exe
  2⤵
  PID:1952
- C:\Windows\System\ucOSgRP.exe
  C:\Windows\System\ucOSgRP.exe
  2⤵
  PID:5664
- C:\Windows\System\dGdqPWI.exe
  C:\Windows\System\dGdqPWI.exe
  2⤵
  PID:1608
- C:\Windows\System\cncfOcj.exe
  C:\Windows\System\cncfOcj.exe
  2⤵
  PID:5508
- C:\Windows\System\HSzBEai.exe
  C:\Windows\System\HSzBEai.exe
  2⤵
  PID:2376
- C:\Windows\System\aDlzuLA.exe
  C:\Windows\System\aDlzuLA.exe
  2⤵
  PID:1280
- C:\Windows\System\caUxQeA.exe
  C:\Windows\System\caUxQeA.exe
  2⤵
  PID:6100
- C:\Windows\System\ZbynThl.exe
  C:\Windows\System\ZbynThl.exe
  2⤵
  PID:5140
- C:\Windows\System\sggebgs.exe
  C:\Windows\System\sggebgs.exe
  2⤵
  PID:5844
- C:\Windows\System\cgANfTz.exe
  C:\Windows\System\cgANfTz.exe
  2⤵
  PID:4572
- C:\Windows\System\qGjcbCx.exe
  C:\Windows\System\qGjcbCx.exe
  2⤵
  PID:1504
- C:\Windows\System\qOuolhw.exe
  C:\Windows\System\qOuolhw.exe
  2⤵
  PID:2616
- C:\Windows\System\CKkvcVB.exe
  C:\Windows\System\CKkvcVB.exe
  2⤵
  PID:2396
- C:\Windows\System\rHYXdcO.exe
  C:\Windows\System\rHYXdcO.exe
  2⤵
  PID:5604
- C:\Windows\System\pbfciAB.exe
  C:\Windows\System\pbfciAB.exe
  2⤵
  PID:5980
- C:\Windows\System\zTzCLpi.exe
  C:\Windows\System\zTzCLpi.exe
  2⤵
  PID:5840
- C:\Windows\System\XgnuKIJ.exe
  C:\Windows\System\XgnuKIJ.exe
  2⤵
  PID:4464
- C:\Windows\System\QBcJgdJ.exe
  C:\Windows\System\QBcJgdJ.exe
  2⤵
  PID:5804
- C:\Windows\System\UInUUho.exe
  C:\Windows\System\UInUUho.exe
  2⤵
  PID:5112
- C:\Windows\System\CDHosmn.exe
  C:\Windows\System\CDHosmn.exe
  2⤵
  PID:5708
- C:\Windows\System\IUndFVb.exe
  C:\Windows\System\IUndFVb.exe
  2⤵
  PID:2828
- C:\Windows\System\TBhhzOk.exe
  C:\Windows\System\TBhhzOk.exe
  2⤵
  PID:4828
- C:\Windows\System\UPWidqt.exe
  C:\Windows\System\UPWidqt.exe
  2⤵
  PID:6152
- C:\Windows\System\xvoMafZ.exe
  C:\Windows\System\xvoMafZ.exe
  2⤵
  PID:6168
- C:\Windows\System\BbbaXNA.exe
  C:\Windows\System\BbbaXNA.exe
  2⤵
  PID:6192
- C:\Windows\System\rceSIcc.exe
  C:\Windows\System\rceSIcc.exe
  2⤵
  PID:6220
- C:\Windows\System\eqxewrD.exe
  C:\Windows\System\eqxewrD.exe
  2⤵
  PID:6236
- C:\Windows\System\ZdFhxSw.exe
  C:\Windows\System\ZdFhxSw.exe
  2⤵
  PID:6252
- C:\Windows\System\zilRYlE.exe
  C:\Windows\System\zilRYlE.exe
  2⤵
  PID:6268
- C:\Windows\System\EsulpLx.exe
  C:\Windows\System\EsulpLx.exe
  2⤵
  PID:6284
- C:\Windows\System\sqxsvyB.exe
  C:\Windows\System\sqxsvyB.exe
  2⤵
  PID:6332
- C:\Windows\System\ZQgIGrG.exe
  C:\Windows\System\ZQgIGrG.exe
  2⤵
  PID:6348
- C:\Windows\System\EuQEwin.exe
  C:\Windows\System\EuQEwin.exe
  2⤵
  PID:6368
- C:\Windows\System\RzAjdJN.exe
  C:\Windows\System\RzAjdJN.exe
  2⤵
  PID:6392
- C:\Windows\System\iMwFjnA.exe
  C:\Windows\System\iMwFjnA.exe
  2⤵
  PID:6408
- C:\Windows\System\iJaLOqW.exe
  C:\Windows\System\iJaLOqW.exe
  2⤵
  PID:6424
- C:\Windows\System\CwKsHbM.exe
  C:\Windows\System\CwKsHbM.exe
  2⤵
  PID:6440
- C:\Windows\System\vEeKvpa.exe
  C:\Windows\System\vEeKvpa.exe
  2⤵
  PID:6456
- C:\Windows\System\hYiEtsH.exe
  C:\Windows\System\hYiEtsH.exe
  2⤵
  PID:6472
- C:\Windows\System\aUfTJHx.exe
  C:\Windows\System\aUfTJHx.exe
  2⤵
  PID:6488
- C:\Windows\System\XlNQiIo.exe
  C:\Windows\System\XlNQiIo.exe
  2⤵
  PID:6504
- C:\Windows\System\hgHdHCu.exe
  C:\Windows\System\hgHdHCu.exe
  2⤵
  PID:6524
- C:\Windows\System\reBqdps.exe
  C:\Windows\System\reBqdps.exe
  2⤵
  PID:6540
- C:\Windows\System\SJzpxyG.exe
  C:\Windows\System\SJzpxyG.exe
  2⤵
  PID:6592
- C:\Windows\System\UOyUQrD.exe
  C:\Windows\System\UOyUQrD.exe
  2⤵
  PID:6608
- C:\Windows\System\RkYozLQ.exe
  C:\Windows\System\RkYozLQ.exe
  2⤵
  PID:6624
- C:\Windows\System\zehaEQN.exe
  C:\Windows\System\zehaEQN.exe
  2⤵
  PID:6640
- C:\Windows\System\ZQiuApr.exe
  C:\Windows\System\ZQiuApr.exe
  2⤵
  PID:6660
- C:\Windows\System\iRNMoxS.exe
  C:\Windows\System\iRNMoxS.exe
  2⤵
  PID:6676
- C:\Windows\System\xTFiBOg.exe
  C:\Windows\System\xTFiBOg.exe
  2⤵
  PID:6692
- C:\Windows\System\LbPidls.exe
  C:\Windows\System\LbPidls.exe
  2⤵
  PID:6708
- C:\Windows\System\UHavCaP.exe
  C:\Windows\System\UHavCaP.exe
  2⤵
  PID:6724
- C:\Windows\System\lQPdCqW.exe
  C:\Windows\System\lQPdCqW.exe
  2⤵
  PID:6744
- C:\Windows\System\QxKDrdn.exe
  C:\Windows\System\QxKDrdn.exe
  2⤵
  PID:6764
- C:\Windows\System\CodQGwz.exe
  C:\Windows\System\CodQGwz.exe
  2⤵
  PID:6780
- C:\Windows\System\iKclKxB.exe
  C:\Windows\System\iKclKxB.exe
  2⤵
  PID:6796
- C:\Windows\System\kgpexrl.exe
  C:\Windows\System\kgpexrl.exe
  2⤵
  PID:6852
- C:\Windows\System\zwzcONN.exe
  C:\Windows\System\zwzcONN.exe
  2⤵
  PID:6876
- C:\Windows\System\QbimdZi.exe
  C:\Windows\System\QbimdZi.exe
  2⤵
  PID:6892
- C:\Windows\System\peDJsgt.exe
  C:\Windows\System\peDJsgt.exe
  2⤵
  PID:6912
- C:\Windows\System\Mvwhumh.exe
  C:\Windows\System\Mvwhumh.exe
  2⤵
  PID:6932
- C:\Windows\System\ZTbPVmp.exe
  C:\Windows\System\ZTbPVmp.exe
  2⤵
  PID:6952
- C:\Windows\System\TxEFYsw.exe
  C:\Windows\System\TxEFYsw.exe
  2⤵
  PID:6972
- C:\Windows\System\NAqmtMz.exe
  C:\Windows\System\NAqmtMz.exe
  2⤵
  PID:6988
- C:\Windows\System\SNKNHDV.exe
  C:\Windows\System\SNKNHDV.exe
  2⤵
  PID:7004
- C:\Windows\System\DlBnnvu.exe
  C:\Windows\System\DlBnnvu.exe
  2⤵
  PID:7020
- C:\Windows\System\zeBlZRB.exe
  C:\Windows\System\zeBlZRB.exe
  2⤵
  PID:7036
- C:\Windows\System\ayQFBpW.exe
  C:\Windows\System\ayQFBpW.exe
  2⤵
  PID:7052
- C:\Windows\System\OkpJCti.exe
  C:\Windows\System\OkpJCti.exe
  2⤵
  PID:7068
- C:\Windows\System\VYIcXeA.exe
  C:\Windows\System\VYIcXeA.exe
  2⤵
  PID:7112
- C:\Windows\System\XpOgxuH.exe
  C:\Windows\System\XpOgxuH.exe
  2⤵
  PID:7132
- C:\Windows\System\xFMMkkM.exe
  C:\Windows\System\xFMMkkM.exe
  2⤵
  PID:7148
- C:\Windows\System\DAFaTnk.exe
  C:\Windows\System\DAFaTnk.exe
  2⤵
  PID:3100
- C:\Windows\System\NUkdQxw.exe
  C:\Windows\System\NUkdQxw.exe
  2⤵
  PID:716
- C:\Windows\System\DfUkwhp.exe
  C:\Windows\System\DfUkwhp.exe
  2⤵
  PID:2984
- C:\Windows\System\ZTuTzYV.exe
  C:\Windows\System\ZTuTzYV.exe
  2⤵
  PID:5344
- C:\Windows\System\IpLJhTT.exe
  C:\Windows\System\IpLJhTT.exe
  2⤵
  PID:6204
- C:\Windows\System\XhXcTin.exe
  C:\Windows\System\XhXcTin.exe
  2⤵
  PID:6260
- C:\Windows\System\coYXczh.exe
  C:\Windows\System\coYXczh.exe
  2⤵
  PID:6232
- C:\Windows\System\feNRfAS.exe
  C:\Windows\System\feNRfAS.exe
  2⤵
  PID:6304
- C:\Windows\System\nXjIdLa.exe
  C:\Windows\System\nXjIdLa.exe
  2⤵
  PID:6320
- C:\Windows\System\RGMyEDT.exe
  C:\Windows\System\RGMyEDT.exe
  2⤵
  PID:6276
- C:\Windows\System\BAMLjFt.exe
  C:\Windows\System\BAMLjFt.exe
  2⤵
  PID:6416
- C:\Windows\System\RsaCqTj.exe
  C:\Windows\System\RsaCqTj.exe
  2⤵
  PID:6484
- C:\Windows\System\IpxWYvV.exe
  C:\Windows\System\IpxWYvV.exe
  2⤵
  PID:6548
- C:\Windows\System\XZaPeIl.exe
  C:\Windows\System\XZaPeIl.exe
  2⤵
  PID:6568
- C:\Windows\System\GBpskUQ.exe
  C:\Windows\System\GBpskUQ.exe
  2⤵
  PID:6584
- C:\Windows\System\GLpkaMJ.exe
  C:\Windows\System\GLpkaMJ.exe
  2⤵
  PID:6404
- C:\Windows\System\CTQArcO.exe
  C:\Windows\System\CTQArcO.exe
  2⤵
  PID:6620
- C:\Windows\System\jBPoHAl.exe
  C:\Windows\System\jBPoHAl.exe
  2⤵
  PID:6688
- C:\Windows\System\GqGxJxu.exe
  C:\Windows\System\GqGxJxu.exe
  2⤵
  PID:6464
- C:\Windows\System\DxywJbU.exe
  C:\Windows\System\DxywJbU.exe
  2⤵
  PID:6532
- C:\Windows\System\MpFoLUh.exe
  C:\Windows\System\MpFoLUh.exe
  2⤵
  PID:6604
- C:\Windows\System\hSIfmet.exe
  C:\Windows\System\hSIfmet.exe
  2⤵
  PID:6704
- C:\Windows\System\uYXhtSs.exe
  C:\Windows\System\uYXhtSs.exe
  2⤵
  PID:6776
- C:\Windows\System\EDRxwKL.exe
  C:\Windows\System\EDRxwKL.exe
  2⤵
  PID:6820
- C:\Windows\System\zypoMLL.exe
  C:\Windows\System\zypoMLL.exe
  2⤵
  PID:6836
- C:\Windows\System\COnLccB.exe
  C:\Windows\System\COnLccB.exe
  2⤵
  PID:6788
- C:\Windows\System\MdwWmlL.exe
  C:\Windows\System\MdwWmlL.exe
  2⤵
  PID:6864
- C:\Windows\System\DfpEwhh.exe
  C:\Windows\System\DfpEwhh.exe
  2⤵
  PID:6888
- C:\Windows\System\SKWOAaK.exe
  C:\Windows\System\SKWOAaK.exe
  2⤵
  PID:6900
- C:\Windows\System\dpElABj.exe
  C:\Windows\System\dpElABj.exe
  2⤵
  PID:6948
- C:\Windows\System\ICowEzo.exe
  C:\Windows\System\ICowEzo.exe
  2⤵
  PID:6984
- C:\Windows\System\JwcAmUl.exe
  C:\Windows\System\JwcAmUl.exe
  2⤵
  PID:7048
- C:\Windows\System\ALTNgGS.exe
  C:\Windows\System\ALTNgGS.exe
  2⤵
  PID:7028
- C:\Windows\System\XDlCLAZ.exe
  C:\Windows\System\XDlCLAZ.exe
  2⤵
  PID:7088
- C:\Windows\System\DjgXVkv.exe
  C:\Windows\System\DjgXVkv.exe
  2⤵
  PID:7100
- C:\Windows\System\hxnldUY.exe
  C:\Windows\System\hxnldUY.exe
  2⤵
  PID:6108
- C:\Windows\System\WHYGqPO.exe
  C:\Windows\System\WHYGqPO.exe
  2⤵
  PID:6164
- C:\Windows\System\eQctZpQ.exe
  C:\Windows\System\eQctZpQ.exe
  2⤵
  PID:6208
- C:\Windows\System\lwJfVkJ.exe
  C:\Windows\System\lwJfVkJ.exe
  2⤵
  PID:6244
- C:\Windows\System\ySTmqYb.exe
  C:\Windows\System\ySTmqYb.exe
  2⤵
  PID:6344
- C:\Windows\System\xQIJjeA.exe
  C:\Windows\System\xQIJjeA.exe
  2⤵
  PID:6248
- C:\Windows\System\YtGPFKT.exe
  C:\Windows\System\YtGPFKT.exe
  2⤵
  PID:6576
- C:\Windows\System\oQMMJva.exe
  C:\Windows\System\oQMMJva.exe
  2⤵
  PID:6756
- C:\Windows\System\dJbQXQH.exe
  C:\Windows\System\dJbQXQH.exe
  2⤵
  PID:6752
- C:\Windows\System\TZbjbMY.exe
  C:\Windows\System\TZbjbMY.exe
  2⤵
  PID:6564
- C:\Windows\System\aFGTaMx.exe
  C:\Windows\System\aFGTaMx.exe
  2⤵
  PID:6656
- C:\Windows\System\QQhGrBA.exe
  C:\Windows\System\QQhGrBA.exe
  2⤵
  PID:6860
- C:\Windows\System\qvwcHAq.exe
  C:\Windows\System\qvwcHAq.exe
  2⤵
  PID:7084
- C:\Windows\System\dfTASye.exe
  C:\Windows\System\dfTASye.exe
  2⤵
  PID:5608
- C:\Windows\System\lUqTQBV.exe
  C:\Windows\System\lUqTQBV.exe
  2⤵
  PID:6496
- C:\Windows\System\xutMVIz.exe
  C:\Windows\System\xutMVIz.exe
  2⤵
  PID:7044
- C:\Windows\System\PEZZyQv.exe
  C:\Windows\System\PEZZyQv.exe
  2⤵
  PID:7124
- C:\Windows\System\BXoYpLD.exe
  C:\Windows\System\BXoYpLD.exe
  2⤵
  PID:6812
- C:\Windows\System\HziGfgn.exe
  C:\Windows\System\HziGfgn.exe
  2⤵
  PID:6300
- C:\Windows\System\HrldldT.exe
  C:\Windows\System\HrldldT.exe
  2⤵
  PID:6848
- C:\Windows\System\OPosBIz.exe
  C:\Windows\System\OPosBIz.exe
  2⤵
  PID:6188
- C:\Windows\System\fpWYrGx.exe
  C:\Windows\System\fpWYrGx.exe
  2⤵
  PID:6376
- C:\Windows\System\DBdjyJb.exe
  C:\Windows\System\DBdjyJb.exe
  2⤵
  PID:6844
- C:\Windows\System\wdlyluN.exe
  C:\Windows\System\wdlyluN.exe
  2⤵
  PID:6792
- C:\Windows\System\OZuYXVi.exe
  C:\Windows\System\OZuYXVi.exe
  2⤵
  PID:6400
- C:\Windows\System\stzyGZo.exe
  C:\Windows\System\stzyGZo.exe
  2⤵
  PID:6184
- C:\Windows\System\dUZeHbh.exe
  C:\Windows\System\dUZeHbh.exe
  2⤵
  PID:6908
- C:\Windows\System\KGlUtbe.exe
  C:\Windows\System\KGlUtbe.exe
  2⤵
  PID:6668
- C:\Windows\System\sRtEmos.exe
  C:\Windows\System\sRtEmos.exe
  2⤵
  PID:6672
- C:\Windows\System\gdMQWMZ.exe
  C:\Windows\System\gdMQWMZ.exe
  2⤵
  PID:6328
- C:\Windows\System\AGHQuMi.exe
  C:\Windows\System\AGHQuMi.exe
  2⤵
  PID:6360
- C:\Windows\System\APZYGsr.exe
  C:\Windows\System\APZYGsr.exe
  2⤵
  PID:6736
- C:\Windows\System\tJYUVdt.exe
  C:\Windows\System\tJYUVdt.exe
  2⤵
  PID:6292
- C:\Windows\System\ereHLmr.exe
  C:\Windows\System\ereHLmr.exe
  2⤵
  PID:6516
- C:\Windows\System\kPkLDzB.exe
  C:\Windows\System\kPkLDzB.exe
  2⤵
  PID:6944
- C:\Windows\System\NisHYFN.exe
  C:\Windows\System\NisHYFN.exe
  2⤵
  PID:6452
- C:\Windows\System\VUnvMiN.exe
  C:\Windows\System\VUnvMiN.exe
  2⤵
  PID:6884
- C:\Windows\System\caJTEWT.exe
  C:\Windows\System\caJTEWT.exe
  2⤵
  PID:6500
- C:\Windows\System\IFlvpJw.exe
  C:\Windows\System\IFlvpJw.exe
  2⤵
  PID:6928
- C:\Windows\System\hmNaoJN.exe
  C:\Windows\System\hmNaoJN.exe
  2⤵
  PID:7108
- C:\Windows\System\BviqmLs.exe
  C:\Windows\System\BviqmLs.exe
  2⤵
  PID:6600
- C:\Windows\System\AofuIpq.exe
  C:\Windows\System\AofuIpq.exe
  2⤵
  PID:7000
- C:\Windows\System\PFSmJhK.exe
  C:\Windows\System\PFSmJhK.exe
  2⤵
  PID:7164
- C:\Windows\System\ogGraIX.exe
  C:\Windows\System\ogGraIX.exe
  2⤵
  PID:7180
- C:\Windows\System\BByTzuX.exe
  C:\Windows\System\BByTzuX.exe
  2⤵
  PID:7196
- C:\Windows\System\crCDuqw.exe
  C:\Windows\System\crCDuqw.exe
  2⤵
  PID:7212
- C:\Windows\System\nMYVwsc.exe
  C:\Windows\System\nMYVwsc.exe
  2⤵
  PID:7268
- C:\Windows\System\NhLVYYW.exe
  C:\Windows\System\NhLVYYW.exe
  2⤵
  PID:7284
- C:\Windows\System\KFxwMrl.exe
  C:\Windows\System\KFxwMrl.exe
  2⤵
  PID:7304
- C:\Windows\System\pDRvvTp.exe
  C:\Windows\System\pDRvvTp.exe
  2⤵
  PID:7320
- C:\Windows\System\YkBbuXs.exe
  C:\Windows\System\YkBbuXs.exe
  2⤵
  PID:7336
- C:\Windows\System\sjHzmhz.exe
  C:\Windows\System\sjHzmhz.exe
  2⤵
  PID:7352
- C:\Windows\System\myNNDWm.exe
  C:\Windows\System\myNNDWm.exe
  2⤵
  PID:7372
- C:\Windows\System\qWEGXYX.exe
  C:\Windows\System\qWEGXYX.exe
  2⤵
  PID:7388
- C:\Windows\System\SAGSZJb.exe
  C:\Windows\System\SAGSZJb.exe
  2⤵
  PID:7404
- C:\Windows\System\cNIEmPc.exe
  C:\Windows\System\cNIEmPc.exe
  2⤵
  PID:7428
- C:\Windows\System\tvDOZaY.exe
  C:\Windows\System\tvDOZaY.exe
  2⤵
  PID:7444
- C:\Windows\System\qSeoLar.exe
  C:\Windows\System\qSeoLar.exe
  2⤵
  PID:7468
- C:\Windows\System\wWMGIrr.exe
  C:\Windows\System\wWMGIrr.exe
  2⤵
  PID:7484
- C:\Windows\System\IhJxywd.exe
  C:\Windows\System\IhJxywd.exe
  2⤵
  PID:7520
- C:\Windows\System\UqmUpWv.exe
  C:\Windows\System\UqmUpWv.exe
  2⤵
  PID:7536
- C:\Windows\System\JajIQmQ.exe
  C:\Windows\System\JajIQmQ.exe
  2⤵
  PID:7564
- C:\Windows\System\IRKnXEb.exe
  C:\Windows\System\IRKnXEb.exe
  2⤵
  PID:7584
- C:\Windows\System\RqnhqUI.exe
  C:\Windows\System\RqnhqUI.exe
  2⤵
  PID:7600
- C:\Windows\System\VZyvANm.exe
  C:\Windows\System\VZyvANm.exe
  2⤵
  PID:7616
- C:\Windows\System\jeXUxUT.exe
  C:\Windows\System\jeXUxUT.exe
  2⤵
  PID:7636
- C:\Windows\System\Tgicjpf.exe
  C:\Windows\System\Tgicjpf.exe
  2⤵
  PID:7664
- C:\Windows\System\EmAyZbe.exe
  C:\Windows\System\EmAyZbe.exe
  2⤵
  PID:7680
- C:\Windows\System\SzvuRrR.exe
  C:\Windows\System\SzvuRrR.exe
  2⤵
  PID:7696
- C:\Windows\System\ZICjZOJ.exe
  C:\Windows\System\ZICjZOJ.exe
  2⤵
  PID:7720
- C:\Windows\System\LaeoPGl.exe
  C:\Windows\System\LaeoPGl.exe
  2⤵
  PID:7740
- C:\Windows\System\nbaTvKz.exe
  C:\Windows\System\nbaTvKz.exe
  2⤵
  PID:7756
- C:\Windows\System\XzLPjtk.exe
  C:\Windows\System\XzLPjtk.exe
  2⤵
  PID:7780
- C:\Windows\System\AbHBiPb.exe
  C:\Windows\System\AbHBiPb.exe
  2⤵
  PID:7796
- C:\Windows\System\xxFhFyO.exe
  C:\Windows\System\xxFhFyO.exe
  2⤵
  PID:7812
- C:\Windows\System\rJjLetF.exe
  C:\Windows\System\rJjLetF.exe
  2⤵
  PID:7828
- C:\Windows\System\NHtcdsZ.exe
  C:\Windows\System\NHtcdsZ.exe
  2⤵
  PID:7852
- C:\Windows\System\EWiIWjm.exe
  C:\Windows\System\EWiIWjm.exe
  2⤵
  PID:7868
- C:\Windows\System\KLCGPdn.exe
  C:\Windows\System\KLCGPdn.exe
  2⤵
  PID:7892
- C:\Windows\System\dIcFuzP.exe
  C:\Windows\System\dIcFuzP.exe
  2⤵
  PID:7908
- C:\Windows\System\TviqXHV.exe
  C:\Windows\System\TviqXHV.exe
  2⤵
  PID:7924
- C:\Windows\System\FCojSkX.exe
  C:\Windows\System\FCojSkX.exe
  2⤵
  PID:7940
- C:\Windows\System\iHADtAl.exe
  C:\Windows\System\iHADtAl.exe
  2⤵
  PID:7960
- C:\Windows\System\seUOmeS.exe
  C:\Windows\System\seUOmeS.exe
  2⤵
  PID:7988
- C:\Windows\System\mQDKfpl.exe
  C:\Windows\System\mQDKfpl.exe
  2⤵
  PID:8012
- C:\Windows\System\IqYsOEh.exe
  C:\Windows\System\IqYsOEh.exe
  2⤵
  PID:8036
- C:\Windows\System\zwcOfEG.exe
  C:\Windows\System\zwcOfEG.exe
  2⤵
  PID:8056
- C:\Windows\System\JiVkaqA.exe
  C:\Windows\System\JiVkaqA.exe
  2⤵
  PID:8072
- C:\Windows\System\KJmJAgt.exe
  C:\Windows\System\KJmJAgt.exe
  2⤵
  PID:8088
- C:\Windows\System\ddZGvRY.exe
  C:\Windows\System\ddZGvRY.exe
  2⤵
  PID:8104
- C:\Windows\System\iqYmOWd.exe
  C:\Windows\System\iqYmOWd.exe
  2⤵
  PID:8120
- C:\Windows\System\zvHuhYN.exe
  C:\Windows\System\zvHuhYN.exe
  2⤵
  PID:8144
- C:\Windows\System\CkroNsH.exe
  C:\Windows\System\CkroNsH.exe
  2⤵
  PID:8160
- C:\Windows\System\mWdANId.exe
  C:\Windows\System\mWdANId.exe
  2⤵
  PID:8176
- C:\Windows\System\DsXLaAn.exe
  C:\Windows\System\DsXLaAn.exe
  2⤵
  PID:6636
- C:\Windows\System\EJujCAM.exe
  C:\Windows\System\EJujCAM.exe
  2⤵
  PID:7120
- C:\Windows\System\OEvShsR.exe
  C:\Windows\System\OEvShsR.exe
  2⤵
  PID:7204
- C:\Windows\System\rEFBTWt.exe
  C:\Windows\System\rEFBTWt.exe
  2⤵
  PID:7188
- C:\Windows\System\zhvDayj.exe
  C:\Windows\System\zhvDayj.exe
  2⤵
  PID:7232
- C:\Windows\System\mYpcbhW.exe
  C:\Windows\System\mYpcbhW.exe
  2⤵
  PID:7264
- C:\Windows\System\HYWFuKm.exe
  C:\Windows\System\HYWFuKm.exe
  2⤵
  PID:7456
- C:\Windows\System\yiaYGvY.exe
  C:\Windows\System\yiaYGvY.exe
  2⤵
  PID:7500
- C:\Windows\System\uUlzXAu.exe
  C:\Windows\System\uUlzXAu.exe
  2⤵
  PID:7512
- C:\Windows\System\kPTouST.exe
  C:\Windows\System\kPTouST.exe
  2⤵
  PID:7360
- C:\Windows\System\NGdjOFw.exe
  C:\Windows\System\NGdjOFw.exe
  2⤵
  PID:7436
- C:\Windows\System\bqRetNM.exe
  C:\Windows\System\bqRetNM.exe
  2⤵
  PID:7544
- C:\Windows\System\dtYajEU.exe
  C:\Windows\System\dtYajEU.exe
  2⤵
  PID:7592
- C:\Windows\System\ALZNzoa.exe
  C:\Windows\System\ALZNzoa.exe
  2⤵
  PID:7608
- C:\Windows\System\sKSCNgv.exe
  C:\Windows\System\sKSCNgv.exe
  2⤵
  PID:7676
- C:\Windows\System\bdrwArv.exe
  C:\Windows\System\bdrwArv.exe
  2⤵
  PID:7704
- C:\Windows\System\lyylpZR.exe
  C:\Windows\System\lyylpZR.exe
  2⤵
  PID:7788
- C:\Windows\System\SisQgrN.exe
  C:\Windows\System\SisQgrN.exe
  2⤵
  PID:7768
- C:\Windows\System\eyXampZ.exe
  C:\Windows\System\eyXampZ.exe
  2⤵
  PID:7772
- C:\Windows\System\MzZtnmW.exe
  C:\Windows\System\MzZtnmW.exe
  2⤵
  PID:7900
- C:\Windows\System\fjXtRvc.exe
  C:\Windows\System\fjXtRvc.exe
  2⤵
  PID:7880
- C:\Windows\System\YWJbeLO.exe
  C:\Windows\System\YWJbeLO.exe
  2⤵
  PID:7884
- C:\Windows\System\QTKtYnM.exe
  C:\Windows\System\QTKtYnM.exe
  2⤵
  PID:8100
- C:\Windows\System\eANhKuz.exe
  C:\Windows\System\eANhKuz.exe
  2⤵
  PID:8140
- C:\Windows\System\xYGiKKv.exe
  C:\Windows\System\xYGiKKv.exe
  2⤵
  PID:6380
- C:\Windows\System\AYVNDSj.exe
  C:\Windows\System\AYVNDSj.exe
  2⤵
  PID:7916
- C:\Windows\System\EHuKGqk.exe
  C:\Windows\System\EHuKGqk.exe
  2⤵
  PID:7840
- C:\Windows\System\stWOCmS.exe
  C:\Windows\System\stWOCmS.exe
  2⤵
  PID:8044
- C:\Windows\System\wUGtzAc.exe
  C:\Windows\System\wUGtzAc.exe
  2⤵
  PID:8112
- C:\Windows\System\ZYLzPMm.exe
  C:\Windows\System\ZYLzPMm.exe
  2⤵
  PID:8184
- C:\Windows\System\aKIUFRe.exe
  C:\Windows\System\aKIUFRe.exe
  2⤵
  PID:7244
- C:\Windows\System\vlpccCr.exe
  C:\Windows\System\vlpccCr.exe
  2⤵
  PID:7996
- C:\Windows\System\dKgsFAq.exe
  C:\Windows\System\dKgsFAq.exe
  2⤵
  PID:7496
- C:\Windows\System\LYWBoZD.exe
  C:\Windows\System\LYWBoZD.exe
  2⤵
  PID:7476
- C:\Windows\System\rSHOuUV.exe
  C:\Windows\System\rSHOuUV.exe
  2⤵
  PID:7580
- C:\Windows\System\MMqZpyi.exe
  C:\Windows\System\MMqZpyi.exe
  2⤵
  PID:7412
- C:\Windows\System\uObZQrv.exe
  C:\Windows\System\uObZQrv.exe
  2⤵
  PID:7552
- C:\Windows\System\AwwaUJi.exe
  C:\Windows\System\AwwaUJi.exe
  2⤵
  PID:7368
- C:\Windows\System\ZzYGuzU.exe
  C:\Windows\System\ZzYGuzU.exe
  2⤵
  PID:7576
- C:\Windows\System\ZgVfPQO.exe
  C:\Windows\System\ZgVfPQO.exe
  2⤵
  PID:7752
- C:\Windows\System\lSmYyww.exe
  C:\Windows\System\lSmYyww.exe
  2⤵
  PID:7764
- C:\Windows\System\eyfhRFh.exe
  C:\Windows\System\eyfhRFh.exe
  2⤵
  PID:7736
- C:\Windows\System\XuFDbJI.exe
  C:\Windows\System\XuFDbJI.exe
  2⤵
  PID:2248
- C:\Windows\System\EVQbprx.exe
  C:\Windows\System\EVQbprx.exe
  2⤵
  PID:2460
- C:\Windows\System\qaCEajk.exe
  C:\Windows\System\qaCEajk.exe
  2⤵
  PID:8024
- C:\Windows\System\MmnVtse.exe
  C:\Windows\System\MmnVtse.exe
  2⤵
  PID:6700
- C:\Windows\System\jNSjMRa.exe
  C:\Windows\System\jNSjMRa.exe
  2⤵
  PID:8156
- C:\Windows\System\gRYGizC.exe
  C:\Windows\System\gRYGizC.exe
  2⤵
  PID:7948
- C:\Windows\System\qMBczqg.exe
  C:\Windows\System\qMBczqg.exe
  2⤵
  PID:7332
- C:\Windows\System\EprtpyV.exe
  C:\Windows\System\EprtpyV.exe
  2⤵
  PID:6832
- C:\Windows\System\UqgsHJg.exe
  C:\Windows\System\UqgsHJg.exe
  2⤵
  PID:8004
- C:\Windows\System\ooEZLKm.exe
  C:\Windows\System\ooEZLKm.exe
  2⤵
  PID:7176
- C:\Windows\System\ydUdCXL.exe
  C:\Windows\System\ydUdCXL.exe
  2⤵
  PID:7532
- C:\Windows\System\mittehF.exe
  C:\Windows\System\mittehF.exe
  2⤵
  PID:7452
- C:\Windows\System\FVWQCeq.exe
  C:\Windows\System\FVWQCeq.exe
  2⤵
  PID:7348
- C:\Windows\System\HTUCUgF.exe
  C:\Windows\System\HTUCUgF.exe
  2⤵
  PID:7708
- C:\Windows\System\GCfBZbL.exe
  C:\Windows\System\GCfBZbL.exe
  2⤵
  PID:7688
- C:\Windows\System\cuSQTQA.exe
  C:\Windows\System\cuSQTQA.exe
  2⤵
  PID:7236
- C:\Windows\System\cJxLcVl.exe
  C:\Windows\System\cJxLcVl.exe
  2⤵
  PID:6996
- C:\Windows\System\ZjLJxiC.exe
  C:\Windows\System\ZjLJxiC.exe
  2⤵
  PID:8096
- C:\Windows\System\lshQRxu.exe
  C:\Windows\System\lshQRxu.exe
  2⤵
  PID:7328
- C:\Windows\System\EouBLjA.exe
  C:\Windows\System\EouBLjA.exe
  2⤵
  PID:7228
- C:\Windows\System\XeZMRpk.exe
  C:\Windows\System\XeZMRpk.exe
  2⤵
  PID:7096
- C:\Windows\System\hEEpafO.exe
  C:\Windows\System\hEEpafO.exe
  2⤵
  PID:7648
- C:\Windows\System\JDSBGAt.exe
  C:\Windows\System\JDSBGAt.exe
  2⤵
  PID:7612
- C:\Windows\System\cajZXtW.exe
  C:\Windows\System\cajZXtW.exe
  2⤵
  PID:7860
- C:\Windows\System\snJmdXd.exe
  C:\Windows\System\snJmdXd.exe
  2⤵
  PID:1324
- C:\Windows\System\SfwCoCx.exe
  C:\Windows\System\SfwCoCx.exe
  2⤵
  PID:7920
- C:\Windows\System\WtRkBsB.exe
  C:\Windows\System\WtRkBsB.exe
  2⤵
  PID:8152
- C:\Windows\System\RHpgeTS.exe
  C:\Windows\System\RHpgeTS.exe
  2⤵
  PID:8080
- C:\Windows\System\gvVqdil.exe
  C:\Windows\System\gvVqdil.exe
  2⤵
  PID:7460
- C:\Windows\System\unZnnzu.exe
  C:\Windows\System\unZnnzu.exe
  2⤵
  PID:7656
- C:\Windows\System\klZPOQr.exe
  C:\Windows\System\klZPOQr.exe
  2⤵
  PID:8228
- C:\Windows\System\CXUaZwz.exe
  C:\Windows\System\CXUaZwz.exe
  2⤵
  PID:8248
- C:\Windows\System\bdSSBqV.exe
  C:\Windows\System\bdSSBqV.exe
  2⤵
  PID:8264
- C:\Windows\System\RnHdbpp.exe
  C:\Windows\System\RnHdbpp.exe
  2⤵
  PID:8288
- C:\Windows\System\gXbEJOl.exe
  C:\Windows\System\gXbEJOl.exe
  2⤵
  PID:8304
- C:\Windows\System\dLajzBV.exe
  C:\Windows\System\dLajzBV.exe
  2⤵
  PID:8320
- C:\Windows\System\ShLZdvC.exe
  C:\Windows\System\ShLZdvC.exe
  2⤵
  PID:8336
- C:\Windows\System\bDVatqh.exe
  C:\Windows\System\bDVatqh.exe
  2⤵
  PID:8356
- C:\Windows\System\rrwGgyM.exe
  C:\Windows\System\rrwGgyM.exe
  2⤵
  PID:8400
- C:\Windows\System\LldqBfS.exe
  C:\Windows\System\LldqBfS.exe
  2⤵
  PID:8416
- C:\Windows\System\wnWdgmN.exe
  C:\Windows\System\wnWdgmN.exe
  2⤵
  PID:8432
- C:\Windows\System\XaprmrS.exe
  C:\Windows\System\XaprmrS.exe
  2⤵
  PID:8448
- C:\Windows\System\YjQQPNw.exe
  C:\Windows\System\YjQQPNw.exe
  2⤵
  PID:8464
- C:\Windows\System\JSpVRLO.exe
  C:\Windows\System\JSpVRLO.exe
  2⤵
  PID:8480
- C:\Windows\System\AiSYxQX.exe
  C:\Windows\System\AiSYxQX.exe
  2⤵
  PID:8496
- C:\Windows\System\YpkeUUc.exe
  C:\Windows\System\YpkeUUc.exe
  2⤵
  PID:8512
- C:\Windows\System\UWhNNYx.exe
  C:\Windows\System\UWhNNYx.exe
  2⤵
  PID:8528
- C:\Windows\System\vhRahqR.exe
  C:\Windows\System\vhRahqR.exe
  2⤵
  PID:8544
- C:\Windows\System\JsXfptA.exe
  C:\Windows\System\JsXfptA.exe
  2⤵
  PID:8560
- C:\Windows\System\CevneYA.exe
  C:\Windows\System\CevneYA.exe
  2⤵
  PID:8580
- C:\Windows\System\pWKONMU.exe
  C:\Windows\System\pWKONMU.exe
  2⤵
  PID:8600
- C:\Windows\System\EIsXXCL.exe
  C:\Windows\System\EIsXXCL.exe
  2⤵
  PID:8632
- C:\Windows\System\qRqApUc.exe
  C:\Windows\System\qRqApUc.exe
  2⤵
  PID:8652
- C:\Windows\System\XpVqfQa.exe
  C:\Windows\System\XpVqfQa.exe
  2⤵
  PID:8668
- C:\Windows\System\MFGkYUE.exe
  C:\Windows\System\MFGkYUE.exe
  2⤵
  PID:8696
- C:\Windows\System\DMxuLWw.exe
  C:\Windows\System\DMxuLWw.exe
  2⤵
  PID:8712
- C:\Windows\System\mbmfrNT.exe
  C:\Windows\System\mbmfrNT.exe
  2⤵
  PID:8760
- C:\Windows\System\Dcymrdf.exe
  C:\Windows\System\Dcymrdf.exe
  2⤵
  PID:8780
- C:\Windows\System\yLlEwoz.exe
  C:\Windows\System\yLlEwoz.exe
  2⤵
  PID:8800
- C:\Windows\System\JEvsWFS.exe
  C:\Windows\System\JEvsWFS.exe
  2⤵
  PID:8816
- C:\Windows\System\zBZRrAe.exe
  C:\Windows\System\zBZRrAe.exe
  2⤵
  PID:8844
- C:\Windows\System\nFnsPRf.exe
  C:\Windows\System\nFnsPRf.exe
  2⤵
  PID:8860
- C:\Windows\System\CIbABNi.exe
  C:\Windows\System\CIbABNi.exe
  2⤵
  PID:8880
- C:\Windows\System\UDtSpli.exe
  C:\Windows\System\UDtSpli.exe
  2⤵
  PID:8904
- C:\Windows\System\nSpMxHV.exe
  C:\Windows\System\nSpMxHV.exe
  2⤵
  PID:8924
- C:\Windows\System\klQcWDd.exe
  C:\Windows\System\klQcWDd.exe
  2⤵
  PID:8944
- C:\Windows\System\LPUZPSJ.exe
  C:\Windows\System\LPUZPSJ.exe
  2⤵
  PID:8964
- C:\Windows\System\douETNr.exe
  C:\Windows\System\douETNr.exe
  2⤵
  PID:8980
- C:\Windows\System\dmbFsqa.exe
  C:\Windows\System\dmbFsqa.exe
  2⤵
  PID:9000
- C:\Windows\System\AVoZoSj.exe
  C:\Windows\System\AVoZoSj.exe
  2⤵
  PID:9024
- C:\Windows\System\RktqkQe.exe
  C:\Windows\System\RktqkQe.exe
  2⤵
  PID:9044
- C:\Windows\System\HULKEyR.exe
  C:\Windows\System\HULKEyR.exe
  2⤵
  PID:9060
- C:\Windows\System\CZwMOZS.exe
  C:\Windows\System\CZwMOZS.exe
  2⤵
  PID:9084
- C:\Windows\System\qUAfiYb.exe
  C:\Windows\System\qUAfiYb.exe
  2⤵
  PID:9108
- C:\Windows\System\LWtFuVJ.exe
  C:\Windows\System\LWtFuVJ.exe
  2⤵
  PID:9124
- C:\Windows\System\JXASxPJ.exe
  C:\Windows\System\JXASxPJ.exe
  2⤵
  PID:9144
- C:\Windows\System\nModmbo.exe
  C:\Windows\System\nModmbo.exe
  2⤵
  PID:9164
- C:\Windows\System\IdKmZuu.exe
  C:\Windows\System\IdKmZuu.exe
  2⤵
  PID:9180
- C:\Windows\System\XiTolHa.exe
  C:\Windows\System\XiTolHa.exe
  2⤵
  PID:9196
- C:\Windows\System\XdTxiyi.exe
  C:\Windows\System\XdTxiyi.exe
  2⤵
  PID:9212
- C:\Windows\System\jOFIDxx.exe
  C:\Windows\System\jOFIDxx.exe
  2⤵
  PID:7508
- C:\Windows\System\oryQkDT.exe
  C:\Windows\System\oryQkDT.exe
  2⤵
  PID:8236
- C:\Windows\System\sXNvKpL.exe
  C:\Windows\System\sXNvKpL.exe
  2⤵
  PID:8208
- C:\Windows\System\HvQGFVT.exe
  C:\Windows\System\HvQGFVT.exe
  2⤵
  PID:8200
- C:\Windows\System\fTXsWqX.exe
  C:\Windows\System\fTXsWqX.exe
  2⤵
  PID:8284
- C:\Windows\System\NeJvmEG.exe
  C:\Windows\System\NeJvmEG.exe
  2⤵
  PID:8352
- C:\Windows\System\iSWfclK.exe
  C:\Windows\System\iSWfclK.exe
  2⤵
  PID:8328
- C:\Windows\System\OGVfAmK.exe
  C:\Windows\System\OGVfAmK.exe
  2⤵
  PID:8376
- C:\Windows\System\XDNscUW.exe
  C:\Windows\System\XDNscUW.exe
  2⤵
  PID:8408
- C:\Windows\System\lxTDKmw.exe
  C:\Windows\System\lxTDKmw.exe
  2⤵
  PID:8428
- C:\Windows\System\CJUYKgf.exe
  C:\Windows\System\CJUYKgf.exe
  2⤵
  PID:8476
- C:\Windows\System\YGTxoJb.exe
  C:\Windows\System\YGTxoJb.exe
  2⤵
  PID:8572
- C:\Windows\System\MZzHVTG.exe
  C:\Windows\System\MZzHVTG.exe
  2⤵
  PID:8620
- C:\Windows\System\WMlnLVP.exe
  C:\Windows\System\WMlnLVP.exe
  2⤵
  PID:8660
- C:\Windows\System\UIybPsW.exe
  C:\Windows\System\UIybPsW.exe
  2⤵
  PID:8488
- C:\Windows\System\fpiLdSQ.exe
  C:\Windows\System\fpiLdSQ.exe
  2⤵
  PID:8596
- C:\Windows\System\qNxuPGq.exe
  C:\Windows\System\qNxuPGq.exe
  2⤵
  PID:8648
- C:\Windows\System\qGiMahU.exe
  C:\Windows\System\qGiMahU.exe
  2⤵
  PID:8692
- C:\Windows\System\rghkRXL.exe
  C:\Windows\System\rghkRXL.exe
  2⤵
  PID:8740
- C:\Windows\System\rXmwzWY.exe
  C:\Windows\System\rXmwzWY.exe
  2⤵
  PID:8752
- C:\Windows\System\bjIDlvy.exe
  C:\Windows\System\bjIDlvy.exe
  2⤵
  PID:8808
- C:\Windows\System\oduqtgw.exe
  C:\Windows\System\oduqtgw.exe
  2⤵
  PID:8828
- C:\Windows\System\cOyBAkJ.exe
  C:\Windows\System\cOyBAkJ.exe
  2⤵
  PID:8856
- C:\Windows\System\HMvIPEJ.exe
  C:\Windows\System\HMvIPEJ.exe
  2⤵
  PID:8892
- C:\Windows\System\eBXeBGi.exe
  C:\Windows\System\eBXeBGi.exe
  2⤵
  PID:8920
- C:\Windows\System\svZtBXA.exe
  C:\Windows\System\svZtBXA.exe
  2⤵
  PID:8960
- C:\Windows\System\JHDUhzc.exe
  C:\Windows\System\JHDUhzc.exe
  2⤵
  PID:8996
- C:\Windows\System\vffokud.exe
  C:\Windows\System\vffokud.exe
  2⤵
  PID:9016
- C:\Windows\System\cJTnYqR.exe
  C:\Windows\System\cJTnYqR.exe
  2⤵
  PID:9052
- C:\Windows\System\HYBdZUQ.exe
  C:\Windows\System\HYBdZUQ.exe
  2⤵
  PID:9092
- C:\Windows\System\pDZvNSO.exe
  C:\Windows\System\pDZvNSO.exe
  2⤵
  PID:9120
- C:\Windows\System\eZiOxLE.exe
  C:\Windows\System\eZiOxLE.exe
  2⤵
  PID:9172
- C:\Windows\System\GlDKMqI.exe
  C:\Windows\System\GlDKMqI.exe
  2⤵
  PID:9188
- C:\Windows\System\jOfEcxj.exe
  C:\Windows\System\jOfEcxj.exe
  2⤵
  PID:8068
- C:\Windows\System\npRouyB.exe
  C:\Windows\System\npRouyB.exe
  2⤵
  PID:2436
- C:\Windows\System\jwTBqDs.exe
  C:\Windows\System\jwTBqDs.exe
  2⤵
  PID:8272
- C:\Windows\System\OzkbbYc.exe
  C:\Windows\System\OzkbbYc.exe
  2⤵
  PID:8316
- C:\Windows\System\byzVFIQ.exe
  C:\Windows\System\byzVFIQ.exe
  2⤵
  PID:8332
- C:\Windows\System\DTYIctw.exe
  C:\Windows\System\DTYIctw.exe
  2⤵
  PID:8388
- C:\Windows\System\bXNCDbI.exe
  C:\Windows\System\bXNCDbI.exe
  2⤵
  PID:8536
- C:\Windows\System\NtHVXSO.exe
  C:\Windows\System\NtHVXSO.exe
  2⤵
  PID:8540
- C:\Windows\System\qLpLxYD.exe
  C:\Windows\System\qLpLxYD.exe
  2⤵
  PID:8684
- C:\Windows\System\LqlAbEH.exe
  C:\Windows\System\LqlAbEH.exe
  2⤵
  PID:8708
- C:\Windows\System\HwkoXrj.exe
  C:\Windows\System\HwkoXrj.exe
  2⤵
  PID:8732
- C:\Windows\System\dSVwudC.exe
  C:\Windows\System\dSVwudC.exe
  2⤵
  PID:8756
- C:\Windows\System\CHHnfNd.exe
  C:\Windows\System\CHHnfNd.exe
  2⤵
  PID:8776
- C:\Windows\System\iBfYSsy.exe
  C:\Windows\System\iBfYSsy.exe
  2⤵
  PID:8840
- C:\Windows\System\JmfQxWh.exe
  C:\Windows\System\JmfQxWh.exe
  2⤵
  PID:8888
- C:\Windows\System\RzbUnsK.exe
  C:\Windows\System\RzbUnsK.exe
  2⤵
  PID:8936
- C:\Windows\System\iXRhYoj.exe
  C:\Windows\System\iXRhYoj.exe
  2⤵
  PID:9072
- C:\Windows\System\pSlgrof.exe
  C:\Windows\System\pSlgrof.exe
  2⤵
  PID:9012
- C:\Windows\System\UrWxYAo.exe
  C:\Windows\System\UrWxYAo.exe
  2⤵
  PID:9136
- C:\Windows\System\GtwHlgP.exe
  C:\Windows\System\GtwHlgP.exe
  2⤵
  PID:9204
- C:\Windows\System\aiJGyrQ.exe
  C:\Windows\System\aiJGyrQ.exe
  2⤵
  PID:9160
- C:\Windows\System\vOdUGje.exe
  C:\Windows\System\vOdUGje.exe
  2⤵
  PID:7416
- C:\Windows\System\dNOmJrz.exe
  C:\Windows\System\dNOmJrz.exe
  2⤵
  PID:8260
- C:\Windows\System\tiLOkol.exe
  C:\Windows\System\tiLOkol.exe
  2⤵
  PID:8424
- C:\Windows\System\jvUJaYe.exe
  C:\Windows\System\jvUJaYe.exe
  2⤵
  PID:8568
- C:\Windows\System\GhNGROX.exe
  C:\Windows\System\GhNGROX.exe
  2⤵
  PID:8588
- C:\Windows\System\awKsTzk.exe
  C:\Windows\System\awKsTzk.exe
  2⤵
  PID:8796
- C:\Windows\System\IBnyrCh.exe
  C:\Windows\System\IBnyrCh.exe
  2⤵
  PID:9032
- C:\Windows\System\FEGHScO.exe
  C:\Windows\System\FEGHScO.exe
  2⤵
  PID:9068
- C:\Windows\System\MMLydcI.exe
  C:\Windows\System\MMLydcI.exe
  2⤵
  PID:9100
- C:\Windows\System\QaPdagT.exe
  C:\Windows\System\QaPdagT.exe
  2⤵
  PID:8772
- C:\Windows\System\LMsVNAJ.exe
  C:\Windows\System\LMsVNAJ.exe
  2⤵
  PID:8244
- C:\Windows\System\nnITUlV.exe
  C:\Windows\System\nnITUlV.exe
  2⤵
  PID:8988
- C:\Windows\System\JWCkPJc.exe
  C:\Windows\System\JWCkPJc.exe
  2⤵
  PID:7804
- C:\Windows\System\LdMhuty.exe
  C:\Windows\System\LdMhuty.exe
  2⤵
  PID:8440
- C:\Windows\System\HKprpwI.exe
  C:\Windows\System\HKprpwI.exe
  2⤵
  PID:8748
- C:\Windows\System\SRUMSgP.exe
  C:\Windows\System\SRUMSgP.exe
  2⤵
  PID:8492
- C:\Windows\System\uLaFamR.exe
  C:\Windows\System\uLaFamR.exe
  2⤵
  PID:9076
- C:\Windows\System\XECBHwh.exe
  C:\Windows\System\XECBHwh.exe
  2⤵
  PID:8836
- C:\Windows\System\EXvTGrL.exe
  C:\Windows\System\EXvTGrL.exe
  2⤵
  PID:8204
- C:\Windows\System\vpGLRoE.exe
  C:\Windows\System\vpGLRoE.exe
  2⤵
  PID:9192
- C:\Windows\System\omxwrch.exe
  C:\Windows\System\omxwrch.exe
  2⤵
  PID:8688
- C:\Windows\System\dLvrMxf.exe
  C:\Windows\System\dLvrMxf.exe
  2⤵
  PID:8876
- C:\Windows\System\HBSgzBl.exe
  C:\Windows\System\HBSgzBl.exe
  2⤵
  PID:8256
- C:\Windows\System\zCEdOWZ.exe
  C:\Windows\System\zCEdOWZ.exe
  2⤵
  PID:8812
- C:\Windows\System\ETPeoVr.exe
  C:\Windows\System\ETPeoVr.exe
  2⤵
  PID:9080
- C:\Windows\System\AigwSZF.exe
  C:\Windows\System\AigwSZF.exe
  2⤵
  PID:8952
- C:\Windows\System\PCKMMEX.exe
  C:\Windows\System\PCKMMEX.exe
  2⤵
  PID:8680
- C:\Windows\System\mUcfnyF.exe
  C:\Windows\System\mUcfnyF.exe
  2⤵
  PID:9156
- C:\Windows\System\ovNpsux.exe
  C:\Windows\System\ovNpsux.exe
  2⤵
  PID:9232
- C:\Windows\System\aIjythE.exe
  C:\Windows\System\aIjythE.exe
  2⤵
  PID:9252
- C:\Windows\System\QAOhzbB.exe
  C:\Windows\System\QAOhzbB.exe
  2⤵
  PID:9268
- C:\Windows\System\zMdkcEn.exe
  C:\Windows\System\zMdkcEn.exe
  2⤵
  PID:9292
- C:\Windows\System\jgsldXN.exe
  C:\Windows\System\jgsldXN.exe
  2⤵
  PID:9308
- C:\Windows\System\bVsKmha.exe
  C:\Windows\System\bVsKmha.exe
  2⤵
  PID:9324
- C:\Windows\System\yoTlUkf.exe
  C:\Windows\System\yoTlUkf.exe
  2⤵
  PID:9340
- C:\Windows\System\tDSTplA.exe
  C:\Windows\System\tDSTplA.exe
  2⤵
  PID:9368
- C:\Windows\System\oQILJCA.exe
  C:\Windows\System\oQILJCA.exe
  2⤵
  PID:9388
- C:\Windows\System\WgYhywh.exe
  C:\Windows\System\WgYhywh.exe
  2⤵
  PID:9416
- C:\Windows\System\rdsebRw.exe
  C:\Windows\System\rdsebRw.exe
  2⤵
  PID:9432
- C:\Windows\System\WnZNpaJ.exe
  C:\Windows\System\WnZNpaJ.exe
  2⤵
  PID:9448
- C:\Windows\System\KjtGhlU.exe
  C:\Windows\System\KjtGhlU.exe
  2⤵
  PID:9476
- C:\Windows\System\DQbGRQW.exe
  C:\Windows\System\DQbGRQW.exe
  2⤵
  PID:9496
- C:\Windows\System\xvUqWmk.exe
  C:\Windows\System\xvUqWmk.exe
  2⤵
  PID:9512
- C:\Windows\System\rtItzoQ.exe
  C:\Windows\System\rtItzoQ.exe
  2⤵
  PID:9528
- C:\Windows\System\GpBceDi.exe
  C:\Windows\System\GpBceDi.exe
  2⤵
  PID:9544
- C:\Windows\System\TyAwcHS.exe
  C:\Windows\System\TyAwcHS.exe
  2⤵
  PID:9572
- C:\Windows\System\BHSuqgS.exe
  C:\Windows\System\BHSuqgS.exe
  2⤵
  PID:9588
- C:\Windows\System\NXwSKHf.exe
  C:\Windows\System\NXwSKHf.exe
  2⤵
  PID:9608
- C:\Windows\System\MfeXOny.exe
  C:\Windows\System\MfeXOny.exe
  2⤵
  PID:9632
- C:\Windows\System\GlFysGp.exe
  C:\Windows\System\GlFysGp.exe
  2⤵
  PID:9652
- C:\Windows\System\GIqxvVs.exe
  C:\Windows\System\GIqxvVs.exe
  2⤵
  PID:9672
- C:\Windows\System\HJMXRrI.exe
  C:\Windows\System\HJMXRrI.exe
  2⤵
  PID:9692
- C:\Windows\System\NlwSGHL.exe
  C:\Windows\System\NlwSGHL.exe
  2⤵
  PID:9712
- C:\Windows\System\KUzlUNH.exe
  C:\Windows\System\KUzlUNH.exe
  2⤵
  PID:9728
- C:\Windows\System\ieGfyTZ.exe
  C:\Windows\System\ieGfyTZ.exe
  2⤵
  PID:9752
- C:\Windows\System\GltsFPz.exe
  C:\Windows\System\GltsFPz.exe
  2⤵
  PID:9768
- C:\Windows\System\OdsHoTM.exe
  C:\Windows\System\OdsHoTM.exe
  2⤵
  PID:9788
- C:\Windows\System\BIUtnPC.exe
  C:\Windows\System\BIUtnPC.exe
  2⤵
  PID:9804
- C:\Windows\System\MQfBvTj.exe
  C:\Windows\System\MQfBvTj.exe
  2⤵
  PID:9820
- C:\Windows\System\EBJpvxr.exe
  C:\Windows\System\EBJpvxr.exe
  2⤵
  PID:9852
- C:\Windows\System\ZcNMegl.exe
  C:\Windows\System\ZcNMegl.exe
  2⤵
  PID:9872
- C:\Windows\System\jKZEQzm.exe
  C:\Windows\System\jKZEQzm.exe
  2⤵
  PID:9892
- C:\Windows\System\ZDVtTvT.exe
  C:\Windows\System\ZDVtTvT.exe
  2⤵
  PID:9912
- C:\Windows\System\ZEVNjTN.exe
  C:\Windows\System\ZEVNjTN.exe
  2⤵
  PID:9932
- C:\Windows\System\NLxNaGt.exe
  C:\Windows\System\NLxNaGt.exe
  2⤵
  PID:9952
- C:\Windows\System\duOpqNH.exe
  C:\Windows\System\duOpqNH.exe
  2⤵
  PID:9968
- C:\Windows\System\pXIZZSU.exe
  C:\Windows\System\pXIZZSU.exe
  2⤵
  PID:9988
- C:\Windows\System\rcFibbv.exe
  C:\Windows\System\rcFibbv.exe
  2⤵
  PID:10016
- C:\Windows\System\NgMpfBd.exe
  C:\Windows\System\NgMpfBd.exe
  2⤵
  PID:10036
- C:\Windows\System\bhBMIOs.exe
  C:\Windows\System\bhBMIOs.exe
  2⤵
  PID:10060
- C:\Windows\System\dFyqNBD.exe
  C:\Windows\System\dFyqNBD.exe
  2⤵
  PID:10080
- C:\Windows\System\nLleFQr.exe
  C:\Windows\System\nLleFQr.exe
  2⤵
  PID:10100
- C:\Windows\System\xhatuZf.exe
  C:\Windows\System\xhatuZf.exe
  2⤵
  PID:10116
- C:\Windows\System\RmgFzQx.exe
  C:\Windows\System\RmgFzQx.exe
  2⤵
  PID:10140
- C:\Windows\System\UehJrRB.exe
  C:\Windows\System\UehJrRB.exe
  2⤵
  PID:10156
- C:\Windows\System\MZPFZst.exe
  C:\Windows\System\MZPFZst.exe
  2⤵
  PID:10172
- C:\Windows\System\XWubPzF.exe
  C:\Windows\System\XWubPzF.exe
  2⤵
  PID:10192
- C:\Windows\System\spKBpIG.exe
  C:\Windows\System\spKBpIG.exe
  2⤵
  PID:10212
- C:\Windows\System\WoAZcPX.exe
  C:\Windows\System\WoAZcPX.exe
  2⤵
  PID:10228
- C:\Windows\System\ABieVac.exe
  C:\Windows\System\ABieVac.exe
  2⤵
  PID:7692
- C:\Windows\System\pfmKuUS.exe
  C:\Windows\System\pfmKuUS.exe
  2⤵
  PID:9260
- C:\Windows\System\ghwzXfe.exe
  C:\Windows\System\ghwzXfe.exe
  2⤵
  PID:9280
- C:\Windows\System\VkzETyn.exe
  C:\Windows\System\VkzETyn.exe
  2⤵
  PID:9356
- C:\Windows\System\JoCzZeP.exe
  C:\Windows\System\JoCzZeP.exe
  2⤵
  PID:9304
- C:\Windows\System\THNHfNP.exe
  C:\Windows\System\THNHfNP.exe
  2⤵
  PID:9384
- C:\Windows\System\bLBvEDA.exe
  C:\Windows\System\bLBvEDA.exe
  2⤵
  PID:9404
- C:\Windows\System\xwZMljW.exe
  C:\Windows\System\xwZMljW.exe
  2⤵
  PID:9456
- C:\Windows\System\WEBgAOi.exe
  C:\Windows\System\WEBgAOi.exe
  2⤵
  PID:9468
- C:\Windows\System\LEQBbyy.exe
  C:\Windows\System\LEQBbyy.exe
  2⤵
  PID:9504
- C:\Windows\System\MSRlYYX.exe
  C:\Windows\System\MSRlYYX.exe
  2⤵
  PID:9564
- C:\Windows\System\YclEIdc.exe
  C:\Windows\System\YclEIdc.exe
  2⤵
  PID:9600
- C:\Windows\System\RlrhYgc.exe
  C:\Windows\System\RlrhYgc.exe
  2⤵
  PID:9604
- C:\Windows\System\viDADcj.exe
  C:\Windows\System\viDADcj.exe
  2⤵
  PID:9624
- C:\Windows\System\nmjNvqf.exe
  C:\Windows\System\nmjNvqf.exe
  2⤵
  PID:9664
- C:\Windows\System\vsrDucJ.exe
  C:\Windows\System\vsrDucJ.exe
  2⤵
  PID:9700
- C:\Windows\System\KUKwzsm.exe
  C:\Windows\System\KUKwzsm.exe
  2⤵
  PID:9736
- C:\Windows\System\iJGIzyy.exe
  C:\Windows\System\iJGIzyy.exe
  2⤵
  PID:9764
- C:\Windows\System\dgmsWzd.exe
  C:\Windows\System\dgmsWzd.exe
  2⤵
  PID:9832
- C:\Windows\System\GXFtDBj.exe
  C:\Windows\System\GXFtDBj.exe
  2⤵
  PID:9780
- C:\Windows\System\xuGcXLq.exe
  C:\Windows\System\xuGcXLq.exe
  2⤵
  PID:9884
- C:\Windows\System\sRHzlxx.exe
  C:\Windows\System\sRHzlxx.exe
  2⤵
  PID:9924
- C:\Windows\System\eGDkOUl.exe
  C:\Windows\System\eGDkOUl.exe
  2⤵
  PID:9960
- C:\Windows\System\VFFkoYe.exe
  C:\Windows\System\VFFkoYe.exe
  2⤵
  PID:9976
- C:\Windows\System\nCavoAl.exe
  C:\Windows\System\nCavoAl.exe
  2⤵
  PID:10004
- C:\Windows\System\FWoHjxB.exe
  C:\Windows\System\FWoHjxB.exe
  2⤵
  PID:10048
- C:\Windows\System\PpcavZe.exe
  C:\Windows\System\PpcavZe.exe
  2⤵
  PID:10072
- C:\Windows\System\QCwEftM.exe
  C:\Windows\System\QCwEftM.exe
  2⤵
  PID:10124
- C:\Windows\System\auldHHk.exe
  C:\Windows\System\auldHHk.exe
  2⤵
  PID:10148
- C:\Windows\System\vZoVJSb.exe
  C:\Windows\System\vZoVJSb.exe
  2⤵
  PID:10168
- C:\Windows\System\JHrdphP.exe
  C:\Windows\System\JHrdphP.exe
  2⤵
  PID:10224

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ALgBRMZ.exe

Filesize
6.0MB

MD5
08358924900aabec7f016e01d3cb79ee

SHA1
b25e446d1fdbd6054e7749aaba2044a109153962

SHA256
84fb358c8455639ac6a953c13ce6fdd03ce8b37f31b7d8c763de8a49f7b80b65

SHA512
b3a98a2567a90b116e7321a129c9aa0e67275b289ed3f40927e28ce606d8b0636de044140f09438ceb5b30f89702608c25fe6c78dab6756a39f4b50e6e3171f2

Download Submit
C:\Windows\system\CbTxLQr.exe

Filesize
6.0MB

MD5
0c17631a389b8ffa9dfa42f9da8dca86

SHA1
f5ad2d2394048436f3b7b0cdff94c9d1e0bb917a

SHA256
55086dda580d4129da9e9240ba8208e7df9827c53212c2af96048880f787889e

SHA512
fd17b26332dd1e4801f54a7ad423efafc500df5b0e6fa3d11043118f0bd87e200f6ded3e12b88a93869fd1b40273790c4c0f1821e001e5a3e85755420e83ade6

Download Submit
C:\Windows\system\FDMCkOJ.exe

Filesize
6.0MB

MD5
1dee2e14b97a334ce2b7387fa2fa70ed

SHA1
b31fb84b83608158be9416da2f71f31ad3eb0b28

SHA256
cf965a2d863c9fbcca03ef287e8dc26ad32ed926a82ebd439bc61edf2cfaf656

SHA512
f1af484dd36fb69642b58706335a953ec16a4081197ee48b94b7bc7004bba93c6712d59260d970e2fe363783227e1f0255fac54c9de611dd75c1d28ff349a1f8

Download Submit
C:\Windows\system\HKZSjOq.exe

Filesize
6.0MB

MD5
0c4257e79ba00f3fb461d6977ea4ea5e

SHA1
fd269f6ad69b70c41bf2c48027df48618840d449

SHA256
a3668837ace186c72f9d743305c67b9b732bd8fb6fbef938d147a724cd343ac2

SHA512
5647b89da402d03c6a7a5d1f7d1470711f7005e5b5da0df6159d6638ffcf8710a2c8da313f19d56e4b5882e2ce6f360c0981e6c45bbaa29320bc6ebab2ae53c5

Download Submit
C:\Windows\system\OVIgfQg.exe

Filesize
6.0MB

MD5
8a958eac90f48b6ea668486e95232b7a

SHA1
8c49e8a1e223496b5ae92c1553b4fb52b767267d

SHA256
3ebabdfb699b4062a98bab184326035648dbe1320ce2ac544d9f456ae74d68ae

SHA512
c7047fff1c6425007ef45372b48b6d214e4b4a1858eb6f8d1c8727bb3837ea0540360e95d6d8e186036d4ab49b6919a1457f43f0f0a69722a297c7e57274ff59

Download Submit
C:\Windows\system\OmpRrjl.exe

Filesize
6.0MB

MD5
eb23fafa9e676c2a18423ba3e745e79a

SHA1
fa04a51a72c0ef4e48810c0d2069007295e13d6f

SHA256
5b2f7d4bd451e091af452a5b67062201980154f9ca013b7dba232f95359480be

SHA512
76c1aac333c1b376321807b1c986492a60949e2bfd963f3e50f596b5d98b67d9476662a7efbc9aaf85c833c5a87b5c11416496887cbff1cff48e43067884f234

Download Submit
C:\Windows\system\PKASXWl.exe

Filesize
6.0MB

MD5
54ec9011a1b16c08a6d90a14c862136e

SHA1
36419ec3fa2b4910847fb2f75acbbf243a4a3ffe

SHA256
a519ed7c87af7981be7906cf19658117aed564394bb7f210bddd3817539aa81a

SHA512
fe10594ef14291581f9f39eb66ad865751cedc57ce9d819783a2b3fc6719408b873fd5f1a272128bea0cc01a2b52aec5e75e7422bb0a8d862ec4e564d89a9746

Download Submit
C:\Windows\system\SsRwVwh.exe

Filesize
6.0MB

MD5
36e12f67a6fe774b29dcb566e850dff6

SHA1
4e4da0caa20a1248f0549486ad2693253c5d8242

SHA256
23148ad4bdf43e18ef211e79b906a81cfe52fdce0bae42727ce1c007f9e01f52

SHA512
a345125bf5b4f2ddd7f1f8aa52ae4b27b51275c6348800ab7ff7ca042f06d7f9d6a3242ac04646e91b7ce2527d28541bbbfe4c7a088dc78c7b3304307f82d085

Download Submit
C:\Windows\system\TTLVTio.exe

Filesize
6.0MB

MD5
152173eeb32937a35727d40cdacb86de

SHA1
91fb6663448a961f0fa9de7f2b769b1c6b2a7c65

SHA256
5eb439f05468c1dd994d1afef5bfec3bdf938a795dd1969f5d90855aa67d7492

SHA512
aa6775edd89e1a7be5f99e18156d59e77fd8d09942a8758cb507b475c67a6250bb19a85842fb51bdb223ff7d823e1ae35543992dd023b954450dbf4f31080766

Download Submit
C:\Windows\system\TfWfDPR.exe

Filesize
6.0MB

MD5
7021c5b84917a39422400ff179882674

SHA1
128a195044a8aa802cbdb350cb68ad4795fbe774

SHA256
38a6d4386bb3859aa221d605e04fd266e394e0826f512e8bd9f8a7d74b6ec257

SHA512
97c972b483786f250322cc0473b6d091bf928ece0240c41c806063501b460075748b0e79b796567b20f49e766bb7184c93d459c1bd5fb176a33a479856ac94b1

Download Submit
C:\Windows\system\Vobzzyj.exe

Filesize
6.0MB

MD5
df949d07bb17f78486e4f232fbcdc33b

SHA1
fbb8441640a7473459db7cd972564fd8c24d4c9c

SHA256
6ab8a930d100b9350a0b286f0da021f04fad52c1c4349214b71e83e8973d23b3

SHA512
2f18de6a1447bf1d045676d194f5a1b3f1daec4e24e1e86f223a0e29deb682134f6068c7da886a5653598a9a6d8386b39b95db3e978e65db3b4b3a2caf12fb2a

Download Submit
C:\Windows\system\WDhtalI.exe

Filesize
6.0MB

MD5
5bb30f86b17ea37b4fccc29ae21c2f29

SHA1
41549a05c33e89ad0d6055ddff2e5cbd33f61a33

SHA256
e0636ce19acfeb4011dd238acfbb7d78e4f9011bbe53750b1d0955d12ddab3c2

SHA512
db34b2a299cdd9d3afd1802a9007c25df845af3f8904ac73ab28418ca4354d35b17a189c91ef87c801eb2f74c3312fcc7def38f822cf4056b64bfb9a0b4f3a71

Download Submit
C:\Windows\system\WlwrMIm.exe

Filesize
6.0MB

MD5
eb8b356a80ba6ded15fcdcdc326ba67f

SHA1
98ce507625412cd87d272fd27499a09e07ecdc80

SHA256
073be70663004cfe31c0040cf1bb4250d43f2b8f07ba04664a76127ebfe3855c

SHA512
f9a0d17bcb07946a0766509be07b4a85682aa98d3c5468228e9eddab47a067d594e57cd552eb678db18ed233374220002114e103073e73608dbd72d4714c107a

Download Submit
C:\Windows\system\YIILQBO.exe

Filesize
8B

MD5
4cff11d7a63b8eda00b8212eb73a61a6

SHA1
55212ccbd9de958423f1cb94b8b389d82140d27f

SHA256
3b12337388462d596724179cdce820569844bbc48886e6121bcf67be780279cb

SHA512
53c56096c560c0ee3c5d21d73a1c1995262abc0ce37d00af3bd2404d0acc56897f05f101b26927846d3f0bfb68c4ead4d47e00ef4f1aa04a15656d0c3c91c15f

Download Submit
C:\Windows\system\YbSsmXp.exe

Filesize
6.0MB

MD5
ba98273e09aff93d83840f49955279c3

SHA1
28aa6a4d44d84447b953f5272e3a6b6103575f43

SHA256
41127cfdb2185c4d17901c70e8ca7db7093b7b7689d60373771d311b8fbe8ff1

SHA512
de25b3deabce01f3bc9f1b629ae197a71f14972ff927c3a4dc0ed66ad1adc2bb6515ec2d68111a59148cb02ab80def10003346ef305312639d8285d06d5955de

Download Submit
C:\Windows\system\bASIWcx.exe

Filesize
6.0MB

MD5
a70e11cfcc19c598d47f25ba180455b1

SHA1
c281783a9266d7a80194eae95b6eef8ad06a7b2f

SHA256
24b4ed85515b2ac81e00fb4b26b7119bf0fcf4cff0e852f5a7d5f0f63c8dcba9

SHA512
e5959430175086bed67d7024258a3face62965aa701cdb7f554583f1d358ee928dd619ee01efc8e0961a1242105d94de56465364214d483a71705b94dccb8993

Download Submit
C:\Windows\system\bHqUgbH.exe

Filesize
6.0MB

MD5
e58ba163e4dd38f5317e6e0b0cb6d994

SHA1
db4cf53a5890deb6ab950606b88afcdca25230fe

SHA256
5553885ebecd7c53f647eafdedc81e166aa524c519bfcdf9b8c36444578afe4e

SHA512
ade8dfddd7a4c18bffd86704206ddc7dc2f4af76332a796f894d6bb8ee1f2abce8027c720c82a3f64896135ae89f4446c05fb18e3c152faa323a2ff650b3cb02

Download Submit
C:\Windows\system\hIiLSWj.exe

Filesize
6.0MB

MD5
4295b588f97e0950b5aca5f68974caac

SHA1
6f41a4b1a9d1ff0bd87318d16de435d8c1778207

SHA256
1776ad391ea68b872723fc872579c7bf9b2da095292267b8a35b2bc9c1a4c9ec

SHA512
3c586a7c8c1f5f82f85ae31bb3fbe6ae4e31f56c100d88502b741af92649da58b9420689c53893946e1477501724417e7ed1e68442456d71218644bcd45a44bd

Download Submit
C:\Windows\system\hebGaVR.exe

Filesize
6.0MB

MD5
c7aae3fee46d8c693bfb8095dfcb227b

SHA1
e95ee8e4b10f525ef955a604cdcc85fa43d08bb0

SHA256
8a36dc72a94c1e55bd8fd48ff9b952d24de714cc06da252994faa43bfbe43855

SHA512
31b7ff31547516115305e3ab89ebb547011e3a73b8648ebf8c249ec5249f95578b1cb7cea39743eb5ed991ff7aeb00058db481eba918d8001a0288fbd70f4dd2

Download Submit
C:\Windows\system\iEMLOZI.exe

Filesize
6.0MB

MD5
61299c08bee26fd0fa2948f45aa7f320

SHA1
adb128752006117dd9324949bcb55a6b13ed90f8

SHA256
fbd26995f5dd2d12c3049ca28758004e9e9042c0de003b54f8f9048fc6389029

SHA512
4f90087630cb9984148f36605224a970f2f99b450fac573464e31a4582251313e65390924983e1022b9c6aa9786f095f30c4110a7514a54982d86beca85bc43a

Download Submit
C:\Windows\system\iSEkqJO.exe

Filesize
6.0MB

MD5
a14256a7c3d97c33369489ef8cea83f0

SHA1
a95728b03c7eb481b7e20e817920007720f645ce

SHA256
7c40185c1a7456f5a9c9f5b0e96f9de0608f23c74474aeba591237b1d9d9cc4b

SHA512
a436f6c813a881abaf286c7117a87b28bdf0db79faae12aafeeb91d853ec9f4ad2d24fb1703774eeddce6c504ee4eeaab292afc88f8be856f6564eed4e935ccf

Download Submit
C:\Windows\system\mqSUaeW.exe

Filesize
6.0MB

MD5
5ba6b333f40794b08035bc51c3514f6b

SHA1
5660dc73e29c9c1538e3461e3f279c620f9078fa

SHA256
a83f614e22feb172a06ee4eaa363821afcfd5cc210657ded3c4305fed6be79c6

SHA512
1aab2b5a0e82aab367e6ef0ee2b6d437dbbaf6b4f1522f582ff2fd3df8338b762f168b3b41e5dcb4e9c95c64c0dd0063a489f43f4d34112e96b192feb37dcb0f

Download Submit
C:\Windows\system\oZndVWp.exe

Filesize
6.0MB

MD5
3ac0b3955aa3b26705a3c4359753fa64

SHA1
464987fcf6597294cc5193f397ebc7db46acfef0

SHA256
9ead09980ee9e1944bb51ef85c6f501e3e2fa021aabfd3e86dc5512902d367e1

SHA512
20cf9518bf6c4b958a08a9de6b4f2a5adaf7f2cbfc734bd376db31c4c568580fd5a7c993d103701c0cc961e431eb21e5e06982bb09b00f3e49eab7bae8974505

Download Submit
C:\Windows\system\qbvMcQW.exe

Filesize
6.0MB

MD5
6ca1dfe731f75ebf2f1e7212f39d3228

SHA1
45f8ad80d00d6bb055c65bd7eadb1cb6537a0e5f

SHA256
40f88b43720c31c70011f18b5b5f09597cca668091e4bf9ad9d2cce3fb124c01

SHA512
3b3c77c9c1398b36d677f46c677a3531a8346418f37692368894b72f3413583153db41742d76ca28691882d2e519df782f5b976b1237ac71f58fcb6e08bff7ef

Download Submit
C:\Windows\system\rSjpItX.exe

Filesize
6.0MB

MD5
c7620d9d2e61047efa84cb0798a141ee

SHA1
fecb003dd6ebcf5a4025c9e8fdd42f315e4f8d63

SHA256
8bb27166e0c1453d8cd7cd04dab30077625409420cb1c0aafeda1bb772467949

SHA512
cf6e34bd001cbcde2447a58890226841c3006eeb56d46b5b6e70ae8531d4d859717ea54fba89f4a954bb236ddefab9a4c454f0ebcb50096d850689a8921e4c75

Download Submit
C:\Windows\system\rvKAVWx.exe

Filesize
6.0MB

MD5
8659ad7964d7081aed2efcdba2fec5f8

SHA1
ba242d8e1913e2884d1c121d8c3c70fbc58a1fc8

SHA256
75b81a1fa93b2930063bf59d95fca6de4631efcc9e9fb1f5961cb6012419f941

SHA512
c3d4b49cf29099d11386788384b2b5785fee92d06c3d79a590ffbcccdfd82bc3435484e8ef0532e107960b680549a46871849f840a74a7106c0c4d164152c9f0

Download Submit
C:\Windows\system\sasNeaD.exe

Filesize
6.0MB

MD5
fd2db7d1d9fb53303b79838538d96f45

SHA1
a53217ec315f8bff98507d64146f5efaa6a4161b

SHA256
95860f6f7557748be4b5692cce51d851400e1096672c3faac4176a851c64f308

SHA512
2a969f57bf3f9882d0f61a37a651619a5196c427c009155b6a57e848043150da50fb45206a9738dc453a2425e8bfde3825eb9c84c9904a16fc4a68def4156238

Download Submit
C:\Windows\system\vtmyNTa.exe

Filesize
6.0MB

MD5
08f4d60bb92fde6bcbac12ae2f1ede2d

SHA1
1bc643c2cf1c95b5c9d508c911ffe7eca5c45a32

SHA256
d21cda963ca4d865fb8d4b7235cbc6ca846da32895a18be8b97d3d0a3a0a8864

SHA512
42ca4a855cf8f90270f6ecd5efc883cfacd322f8d27c2ea39bcdba9d28b4f045324d6e0037f914dd744dbb5d85a7f249fab8bf191fb335244f6503df967ca57d

Download Submit
C:\Windows\system\yyNpdvV.exe

Filesize
6.0MB

MD5
90fad9ce110b2ad7dbd4e427f6893c71

SHA1
9137ebf4b7b1aa720a4eff1b070b53ae528e0c3c

SHA256
5efc392a9949d4d66f062213f5e72d7335783490d176275da073e6f114f38232

SHA512
067905488e4362db23203feee6c037170d05e6c7bde38c451876314b41007619d356f544a88f68a29c986db61781967114eca346a12aab74e58efd529abb84b3

Download Submit
\Windows\system\APpQztx.exe

Filesize
6.0MB

MD5
cd8ab729b7e700c46c675ba1c7fbb35a

SHA1
7ad6564952ea48b46f4b2f04ab66b688a4db1fe0

SHA256
4a2fd075e65735c918173d711be5e16c497d493892fe0a0b43520f5f2e4c4428

SHA512
82434ebbff4f5e602cf3136598054cc138736c44b6b4deb3d59597828da53b8bbae75e28df84e08ed888a33fe54d93f7142a2d035481c5595063d583659f5e7b

Download Submit
\Windows\system\Rdwkhfh.exe

Filesize
6.0MB

MD5
b0ea53f934465f9c931c3cc8cf645099

SHA1
6c1afa67a90185ed3d52ac4e92763ba43e60af0e

SHA256
1ecb59f3cf2fc336c4233744c7a3b555c95c4d4e4dc4283211745c775ea03762

SHA512
8f25bc43d35d55264d75e90aac30ba0b95b107a36e035392362a1193c2ab2a597304d2df7ca233842f4bceb235f25a322703011c15a7e0bfa0ba451a3e2711ab

Download Submit
\Windows\system\bIhgRZf.exe

Filesize
6.0MB

MD5
42b78f8509e5acba3bf37fb4b245d48c

SHA1
7dd70fc444eaad6eb968d96feab8fc56fd3cd6d7

SHA256
4906d9c59c6c5f7c9aa9ef24a885acef2e382b02215f1d8d2de1bce77fffc5e2

SHA512
68e4a1669acb4d5c8773c7fe70f5118d3256610f5b7b14a3d10f1435f04b3775a0ded3024a359d0f8f5722a18347dff71ab994de3c15b91f257f9742b1e06d4e

Download Submit
\Windows\system\sNlpymT.exe

Filesize
6.0MB

MD5
5c313a4974a26c94df39b3b5cdf3e8e0

SHA1
00905dc7e78a7bad098f1d58bd247656a91fafd8

SHA256
52b540df707a07f007faba9409d8bd94acaacfc600990b12fa2f85cd5a2ceb0d

SHA512
0abc3261786aea25a503f2a7a2445c91ab6a78215edb3bfff643d03c24b1bdfdc49f353eb302a38851ff5eb3c26520159a553576c7b7071d261992e634c375f7

Download Submit
memory/1204-3625-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/1204-819-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/1204-100-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/1672-60-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/1672-3606-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/1672-99-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/1908-108-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/1908-974-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/1908-3619-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2084-104-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2084-55-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2084-898-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2084-35-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2084-1074-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2084-0-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2084-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2084-103-0x0000000002280000-0x00000000025D4000-memory.dmp

Filesize
3.3MB

Download
memory/2084-31-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2084-113-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2084-112-0x0000000002280000-0x00000000025D4000-memory.dmp

Filesize
3.3MB

Download
memory/2084-40-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2084-47-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2084-70-0x0000000002280000-0x00000000025D4000-memory.dmp

Filesize
3.3MB

Download
memory/2084-96-0x0000000002280000-0x00000000025D4000-memory.dmp

Filesize
3.3MB

Download
memory/2084-94-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2084-63-0x0000000002280000-0x00000000025D4000-memory.dmp

Filesize
3.3MB

Download
memory/2084-18-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2084-6-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2084-727-0x0000000002280000-0x00000000025D4000-memory.dmp

Filesize
3.3MB

Download
memory/2084-23-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2084-87-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2084-86-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2084-12-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2372-3621-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2372-622-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2404-82-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2404-432-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2404-3623-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2420-3612-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2420-251-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2420-75-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2592-81-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2592-3574-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2592-43-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2652-74-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2652-36-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2652-3596-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2668-3490-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2668-14-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2668-51-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2736-59-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2736-21-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2736-3568-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-3564-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-28-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-67-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2796-68-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2796-107-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2796-3620-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-42-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2816-3507-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/3008-3611-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/3008-52-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/3008-91-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download